admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:30:57 +00:00
parent c090efe254
commit 21f157dde1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 4210 additions and 4210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2006/2xxx/CVE-2006-2677.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2677", "ID": "CVE-2006-2677",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en" "lang": "eng",
}, "value": "SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information."
{ }
"name" : "20266", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/20266" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "sitescapeforum-avf-path-disclosure(26671)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26671" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en"
},
{
"name": "20266",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20266"
},
{
"name": "sitescapeforum-avf-path-disclosure(26671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26671"
}
]
}
}

170
2006/2xxx/CVE-2006-2705.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2705", "ID": "CVE-2006-2705",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.kb.cert.org/vuls/id/WDON-6QANQU", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kb.cert.org/vuls/id/WDON-6QANQU" "lang": "eng",
}, "value": "Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages."
{ }
"name" : "VU#207161", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/207161" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2069", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2069" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1016184", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1016184" ]
}, },
{ "references": {
"name" : "20378", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20378" "name": "20378",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20378"
"name" : "c5evm-registration-message-dos(26742)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26742" "name": "http://www.kb.cert.org/vuls/id/WDON-6QANQU",
} "refsource": "CONFIRM",
] "url": "http://www.kb.cert.org/vuls/id/WDON-6QANQU"
} },
} {
"name": "c5evm-registration-message-dos(26742)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26742"
},
{
"name": "ADV-2006-2069",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2069"
},
{
"name": "1016184",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016184"
},
{
"name": "VU#207161",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/207161"
}
]
}
}

190
2006/3xxx/CVE-2006-3192.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3192", "ID": "CVE-2006-3192",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "1923", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/1923" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php."
{ }
"name" : "http://phpwebscripts.com/forum/viewtopic.php?t=1640", ]
"refsource" : "MISC", },
"url" : "http://phpwebscripts.com/forum/viewtopic.php?t=1640" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18558", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18558" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2447", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2447" ]
}, },
{ "references": {
"name" : "26674", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26674" "name": "ADV-2006-2447",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2447"
"name" : "26673", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26673" "name": "admanagerpro-common-ad-file-include(27523)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27523"
"name" : "20744", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20744" "name": "18558",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18558"
"name" : "admanagerpro-common-ad-file-include(27523)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27523" "name": "http://phpwebscripts.com/forum/viewtopic.php?t=1640",
} "refsource": "MISC",
] "url": "http://phpwebscripts.com/forum/viewtopic.php?t=1640"
} },
} {
"name": "26673",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26673"
},
{
"name": "20744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20744"
},
{
"name": "1923",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1923"
},
{
"name": "26674",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26674"
}
]
}
}

170
2006/3xxx/CVE-2006-3294.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3294", "ID": "CVE-2006-3294",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "1955", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/1955" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
{ }
"name" : "18660", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18660" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2528", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2528" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26862", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/26862" ]
}, },
{ "references": {
"name" : "20823", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20823" "name": "cbsms-multiple-scripts-file-include(27374)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374"
"name" : "cbsms-multiple-scripts-file-include(27374)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374" "name": "26862",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/26862"
} },
} {
"name": "18660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18660"
},
{
"name": "1955",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1955"
},
{
"name": "ADV-2006-2528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2528"
},
{
"name": "20823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20823"
}
]
}
}

190
2006/3xxx/CVE-2006-3330.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3330", "ID": "CVE-2006-3330",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName (\"Title\" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060628 PHPClassifieds General", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/438667/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName (\"Title\" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php."
{ }
"name" : "18717", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18717" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18713", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18713" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2589", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2589" ]
}, },
{ "references": {
"name" : "1016407", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016407" "name": "18717",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18717"
"name" : "20880", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20880" "name": "20880",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20880"
"name" : "1179", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1179" "name": "phpclassifieds-postingad-xss(27454)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27454"
"name" : "phpclassifieds-postingad-xss(27454)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27454" "name": "18713",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/18713"
} },
} {
"name": "20060628 PHPClassifieds General",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438667/100/0/threaded"
},
{
"name": "ADV-2006-2589",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2589"
},
{
"name": "1016407",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016407"
},
{
"name": "1179",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1179"
}
]
}
}

210
2006/3xxx/CVE-2006-3733.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3733", "ID": "CVE-2006-3733",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060720 Cisco MARS < 4.2.1 remote compromise", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440641/100/100/threaded" "lang": "eng",
}, "value": "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name."
{ }
"name" : "20060720 Cisco MARS < 4.2.1 remote compromise", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)", "description": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19071", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19071" ]
}, },
{ "references": {
"name" : "19075", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19075" "name": "19071",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19071"
"name" : "ADV-2006-2887", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2887" "name": "cisco-jboss-command-execution(27811)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811"
"name" : "27419", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27419" "name": "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)",
}, "refsource": "CISCO",
{ "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml"
"name" : "1016537", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016537" "name": "21118",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21118"
"name" : "21118", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21118" "name": "20060720 Cisco MARS < 4.2.1 remote compromise",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
"name" : "cisco-jboss-command-execution(27811)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811" "name": "ADV-2006-2887",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/2887"
} },
} {
"name": "19075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19075"
},
{
"name": "20060720 Cisco MARS < 4.2.1 remote compromise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
},
{
"name": "27419",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27419"
},
{
"name": "1016537",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016537"
}
]
}
}

130
2006/6xxx/CVE-2006-6012.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6012", "ID": "CVE-2006-6012",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2006-4532", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4532" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "carsitemanager-listings-xss(30274)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30274" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4532",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4532"
},
{
"name": "carsitemanager-listings-xss(30274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30274"
}
]
}
}

34
2006/6xxx/CVE-2006-6325.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6325", "ID": "CVE-2006-6325",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2006/6xxx/CVE-2006-6396.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6396", "ID": "CVE-2006-6396",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2006-6199. NOTE: it was later reported that 3.5 is also affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2880", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2880" "lang": "eng",
}, "value": "Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2006-6199. NOTE: it was later reported that 3.5 is also affected."
{ }
"name" : "21399", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21399" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30442", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30442" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23192", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/23192" ]
} },
] "references": {
} "reference_data": [
} {
"name": "2880",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2880"
},
{
"name": "23192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23192"
},
{
"name": "30442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30442"
},
{
"name": "21399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21399"
}
]
}
}

160
2006/6xxx/CVE-2006-6537.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6537", "ID": "CVE-2006-6537",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061211 Unauthenticated access to IBM Host On-Demand administration pages", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/454050/100/0/threaded" "lang": "eng",
}, "value": "IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html."
{ }
"name" : "ADV-2006-4943", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/4943" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "22652", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22652" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2030", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/2030" ]
}, },
{ "references": {
"name" : "websphere-pnl-authentication-bypass(30826)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30826" "name": "websphere-pnl-authentication-bypass(30826)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30826"
} },
} {
"name": "22652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22652"
},
{
"name": "20061211 Unauthenticated access to IBM Host On-Demand administration pages",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454050/100/0/threaded"
},
{
"name": "2030",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2030"
},
{
"name": "ADV-2006-4943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4943"
}
]
}
}

170
2006/6xxx/CVE-2006-6754.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6754", "ID": "CVE-2006-6754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061221 Ixprim CMS 1.2 Remote Blind SQL Injection Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/455084/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors."
{ }
"name" : "http://acid-root.new.fr/poc/16061221.txt", ]
"refsource" : "MISC", },
"url" : "http://acid-root.new.fr/poc/16061221.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21710", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21710" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-5133", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/5133" ]
}, },
{ "references": {
"name" : "23453", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23453" "name": "20061221 Ixprim CMS 1.2 Remote Blind SQL Injection Exploit",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/455084/100/0/threaded"
"name" : "2073", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2073" "name": "ADV-2006-5133",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/5133"
} },
} {
"name": "21710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21710"
},
{
"name": "23453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23453"
},
{
"name": "http://acid-root.new.fr/poc/16061221.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/poc/16061221.txt"
},
{
"name": "2073",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2073"
}
]
}
}

34
2010/2xxx/CVE-2010-2781.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2781", "ID": "CVE-2010-2781",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2011/0xxx/CVE-2011-0722.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2011-0722", "ID": "CVE-2011-0722",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ffmpeg.mplayerhq.hu/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://ffmpeg.mplayerhq.hu/" "lang": "eng",
}, "value": "FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file."
{ }
"name" : "DSA-2306", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2011/dsa-2306" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2011:061", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2011:062", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062" ]
}, },
{ "references": {
"name" : "MDVSA-2011:089", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089" "name": "DSA-2306",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2306"
"name" : "MDVSA-2011:114", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" "name": "MDVSA-2011:061",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
"name" : "USN-1104-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-1104-1/" "name": "MDVSA-2011:062",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
"name" : "47149", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47149" "name": "MDVSA-2011:114",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
"name" : "ADV-2011-1241", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/1241" "name": "USN-1104-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/usn-1104-1/"
} },
} {
"name": "MDVSA-2011:089",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
},
{
"name": "http://ffmpeg.mplayerhq.hu/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.mplayerhq.hu/"
},
{
"name": "ADV-2011-1241",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1241"
},
{
"name": "47149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47149"
}
]
}
}

230
2011/0xxx/CVE-2011-0757.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0757", "ID": "CVE-2011-0757",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811" "lang": "eng",
}, "value": "IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21426108", ]
"refsource" : "CONFIRM", }
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21426108" ]
}, },
{ "references": {
"name" : "IC66811", "reference_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IC66811" "name": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815"
"name" : "IC66814", },
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IC66814" "name": "IC66814",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66814"
"name" : "IC66815", },
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IC66815" "name": "43148",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43148"
"name" : "46064", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46064" "name": "IC66815",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66815"
"name" : "70773", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/70773" "name": "http://www.ibm.com/support/docview.wss?uid=swg21426108",
}, "refsource": "CONFIRM",
{ "url": "http://www.ibm.com/support/docview.wss?uid=swg21426108"
"name" : "oval:org.mitre.oval:def:14295", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295" "name": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814"
"name" : "43148", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43148" "name": "70773",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/70773"
"name" : "ibm-db2-dbadm-priv-esc(65008)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65008" "name": "oval:org.mitre.oval:def:14295",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295"
} },
} {
"name": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811"
},
{
"name": "ibm-db2-dbadm-priv-esc(65008)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65008"
},
{
"name": "46064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46064"
},
{
"name": "IC66811",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66811"
}
]
}
}

140
2011/0xxx/CVE-2011-0914.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0914", "ID": "CVE-2011-0914",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-052/", "description_data": [
"refsource" : "MISC", {
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-052/" "lang": "eng",
}, "value": "Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21461514", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21461514" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "43208", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43208" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "43208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43208"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-052/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-052/"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
]
}
}

360
2011/1xxx/CVE-2011-1071.json
View File

@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1071", "ID": "CVE-2011-1071",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a \"stack extension attack,\" a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" "lang": "eng",
}, "value": "The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a \"stack extension attack,\" a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome."
{ }
"name" : "20110224 glibc and alloca()", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2011/Feb/635" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20110226 Re: glibc and alloca()", "description": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2011/Feb/644" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20110228 Re: cve request: eglibc memory corruption", ]
"refsource" : "MLIST", }
"url" : "http://openwall.com/lists/oss-security/2011/02/28/11" ]
}, },
{ "references": {
"name" : "[oss-security] 20110228 Re: cve request: eglibc memory corruption", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/02/28/15" "name": "46563",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/46563"
"name" : "[oss-security] 20110228 cve request: eglibc memory corruption", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/02/26/3" "name": "8175",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8175"
"name" : "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html", },
"refsource" : "MISC", {
"url" : "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=681054",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
"name" : "http://bugs.debian.org/615120", },
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/615120" "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
"name" : "http://code.google.com/p/chromium/issues/detail?id=48733", },
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=48733" "name": "46397",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46397"
"name" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11883", },
"refsource" : "CONFIRM", {
"url" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11883" "name": "RHSA-2011:0412",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html"
"name" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=f15ce4d8dc139523fe0c273580b604b2453acba6", },
"refsource" : "CONFIRM", {
"url" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=f15ce4d8dc139523fe0c273580b604b2453acba6" "name": "ADV-2011-0863",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0863"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=681054", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=681054" "name": "http://bugs.debian.org/615120",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/615120"
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" "name": "43989",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43989"
"name" : "MDVSA-2011:178", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178" "name": "1025290",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1025290"
"name" : "RHSA-2011:0412", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0412.html" "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=11883",
}, "refsource": "CONFIRM",
{ "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11883"
"name" : "RHSA-2011:0413", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0413.html" "name": "43492",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43492"
"name" : "46563", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46563" "name": "[oss-security] 20110228 cve request: eglibc memory corruption",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/02/26/3"
"name" : "oval:org.mitre.oval:def:12853", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853" "name": "oval:org.mitre.oval:def:12853",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853"
"name" : "1025290", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025290" "name": "[oss-security] 20110228 Re: cve request: eglibc memory corruption",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/02/28/11"
"name" : "43492", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43492" "name": "20110224 glibc and alloca()",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2011/Feb/635"
"name" : "43830", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43830" "name": "20110226 Re: glibc and alloca()",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2011/Feb/644"
"name" : "43989", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43989" "name": "MDVSA-2011:178",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178"
"name" : "46397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46397" "name": "43830",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43830"
"name" : "8175", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8175" "name": "http://sourceware.org/git/?p=glibc.git;a=commit;h=f15ce4d8dc139523fe0c273580b604b2453acba6",
}, "refsource": "CONFIRM",
{ "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=f15ce4d8dc139523fe0c273580b604b2453acba6"
"name" : "ADV-2011-0863", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0863" "name": "RHSA-2011:0413",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html"
} },
} {
"name": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html",
"refsource": "MISC",
"url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "[oss-security] 20110228 Re: cve request: eglibc memory corruption",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/28/15"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=48733",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=48733"
}
]
}
}

170
2011/1xxx/CVE-2011-1739.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secteam@freebsd.org",
"ID" : "CVE-2011-1739", "ID": "CVE-2011-1739",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FreeBSD-SA-11:01", "description_data": [
"refsource" : "FREEBSD", {
"url" : "http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc" "lang": "eng",
}, "value": "The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request."
{ }
"name" : "47517", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/47517" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1025425", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025425" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "44307", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/44307" ]
}, },
{ "references": {
"name" : "ADV-2011-1076", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/1076" "name": "ADV-2011-1076",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/1076"
"name" : "freebsd-mountd-security-bypass(66981)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66981" "name": "FreeBSD-SA-11:01",
} "refsource": "FREEBSD",
] "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc"
} },
} {
"name": "47517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47517"
},
{
"name": "freebsd-mountd-security-bypass(66981)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66981"
},
{
"name": "1025425",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025425"
},
{
"name": "44307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44307"
}
]
}
}

130
2011/3xxx/CVE-2011-3393.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3393", "ID": "CVE-2011-3393",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://secpod.org/advisories/SECPOD_MRS_SQL_XSS_Vuln.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://secpod.org/advisories/SECPOD_MRS_SQL_XSS_Vuln.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter."
{ }
"name" : "8376", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/8376" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secpod.org/advisories/SECPOD_MRS_SQL_XSS_Vuln.txt",
"refsource": "MISC",
"url": "http://secpod.org/advisories/SECPOD_MRS_SQL_XSS_Vuln.txt"
},
{
"name": "8376",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8376"
}
]
}
}

260
2011/3xxx/CVE-2011-3881.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-3881", "ID": "CVE-2011-3881",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html" "lang": "eng",
}, "value": "WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function."
{ }
"name" : "http://code.google.com/p/chromium/issues/detail?id=96047", ]
"refsource" : "CONFIRM", },
"url" : "http://code.google.com/p/chromium/issues/detail?id=96047" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/chromium/issues/detail?id=96885", "description": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=96885" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://code.google.com/p/chromium/issues/detail?id=98053", ]
"refsource" : "CONFIRM", }
"url" : "http://code.google.com/p/chromium/issues/detail?id=98053" ]
}, },
{ "references": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=99512", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=99512" "name": "http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html",
}, "refsource": "MISC",
{ "url": "http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html"
"name" : "http://code.google.com/p/chromium/issues/detail?id=99750", },
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=99750" "name": "http://code.google.com/p/chromium/issues/detail?id=98053",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=98053"
"name" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", },
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" "name": "http://code.google.com/p/chromium/issues/detail?id=96885",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=96885"
"name" : "https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef", },
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef" "name": "http://code.google.com/p/chromium/issues/detail?id=96047",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=96047"
"name" : "APPLE-SA-2012-03-07-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" "name": "1026774",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026774"
"name" : "APPLE-SA-2012-03-12-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" "name": "48377",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48377"
"name" : "oval:org.mitre.oval:def:12940", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12940" "name": "http://code.google.com/p/chromium/issues/detail?id=99750",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=99750"
"name" : "1026774", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026774" "name": "google-chrome-security-bypass(70959)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70959"
"name" : "48288", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48288" "name": "https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef",
}, "refsource": "CONFIRM",
{ "url": "https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef"
"name" : "48377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48377" "name": "http://code.google.com/p/chromium/issues/detail?id=99512",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=99512"
"name" : "google-chrome-security-bypass(70959)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70959" "name": "APPLE-SA-2012-03-12-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
} },
} {
"name": "oval:org.mitre.oval:def:12940",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12940"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}

160
2011/4xxx/CVE-2011-4103.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4103", "ID": "CVE-2011-4103",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20111101 Re: CVE request for Django-piston and Tastypie", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/11/01/10" "lang": "eng",
}, "value": "emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method."
{ }
"name" : "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/", ]
"refsource" : "MISC", },
"url" : "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=750658", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=750658" ]
}, },
{ "references": {
"name" : "DSA-2344", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2344" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=750658",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750658"
} },
} {
"name": "https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/"
},
{
"name": "DSA-2344",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2344"
},
{
"name": "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/",
"refsource": "MISC",
"url": "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/"
},
{
"name": "[oss-security] 20111101 Re: CVE request for Django-piston and Tastypie",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/01/10"
}
]
}
}

160
2011/4xxx/CVE-2011-4346.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4346", "ID": "CVE-2011-4346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=742050", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=742050" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page."
{ }
"name" : "RHSA-2011:1794", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1794.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50963", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50963" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026391", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026391" ]
}, },
{ "references": {
"name" : "47162", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47162" "name": "47162",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/47162"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=742050",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=742050"
},
{
"name": "RHSA-2011:1794",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1794.html"
},
{
"name": "50963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50963"
},
{
"name": "1026391",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026391"
}
]
}
}

140
2011/4xxx/CVE-2011-4644.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4644", "ID": "CVE-2011-4644",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18245", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18245/" "lang": "eng",
}, "value": "Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request."
{ }
"name" : "http://www.sec-1.com/blog/?p=233", ]
"refsource" : "MISC", },
"url" : "http://www.sec-1.com/blog/?p=233" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.sec-1.com/blog/?p=233",
"refsource": "MISC",
"url": "http://www.sec-1.com/blog/?p=233"
},
{
"name": "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf",
"refsource": "MISC",
"url": "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf"
},
{
"name": "18245",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18245/"
}
]
}
}

120
2011/5xxx/CVE-2011-5296.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5296", "ID": "CVE-2011-5296",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.htbridge.com/advisory/HTB23001", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23001" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23001",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23001"
}
]
}
}

130
2013/5xxx/CVE-2013-5468.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-5468", "ID": "CVE-2013-5468",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666110", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666110" "lang": "eng",
}, "value": "IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network."
{ }
"name" : "ibm-algo-one-cve20135468-encryption(88382)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88382" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21666110",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666110"
},
{
"name": "ibm-algo-one-cve20135468-encryption(88382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88382"
}
]
}
}

150
2013/5xxx/CVE-2013-5663.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5663", "ID": "CVE-2013-5663",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20(Brad%20Woodberg%20-%20Final).pptx", "description_data": [
"refsource" : "MISC", {
"url" : "http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20(Brad%20Woodberg%20-%20Final).pptx" "lang": "eng",
}, "value": "The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195."
{ }
"name" : "http://pastie.org/pastes/5568186/text", ]
"refsource" : "MISC", },
"url" : "http://pastie.org/pastes/5568186/text" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/19", ]
"refsource" : "CONFIRM", }
"url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/19" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/19",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/19"
},
{
"name": "http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/",
"refsource": "CONFIRM",
"url": "http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/"
},
{
"name": "http://pastie.org/pastes/5568186/text",
"refsource": "MISC",
"url": "http://pastie.org/pastes/5568186/text"
},
{
"name": "http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20(Brad%20Woodberg%20-%20Final).pptx",
"refsource": "MISC",
"url": "http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20(Brad%20Woodberg%20-%20Final).pptx"
}
]
}
}

140
2014/2xxx/CVE-2014-2604.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2014-2604", "ID": "CVE-2014-2604",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBGN03007", "description_data": [
"refsource" : "HP", {
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04278900" "lang": "eng",
}, "value": "Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors."
{ }
"name" : "SSRT101515", ]
"refsource" : "HP", },
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04278900" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030264", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030264" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "SSRT101515",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04278900"
},
{
"name": "HPSBGN03007",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04278900"
},
{
"name": "1030264",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030264"
}
]
}
}

130
2014/3xxx/CVE-2014-3443.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3443", "ID": "CVE-2014-3443",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "33332", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/33332" "lang": "eng",
}, "value": "JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file."
{ }
"name" : "67319", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/67319" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33332",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33332"
},
{
"name": "67319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67319"
}
]
}
}

1250
2014/6xxx/CVE-2014-6278.json
View File

File diff suppressed because it is too large Load Diff

140
2014/6xxx/CVE-2014-6737.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6737", "ID": "CVE-2014-6737",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#243257", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/243257" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#243257",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/243257"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6774.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6774", "ID": "CVE-2014-6774",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The USEK (aka com.university.usek) application 1.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The USEK (aka com.university.usek) application 1.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#697601", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/697601" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#697601",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/697601"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7018.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7018", "ID": "CVE-2014-7018",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application 1.2.0626 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application 1.2.0626 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#473993", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/473993" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#473993",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/473993"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7103.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7103", "ID": "CVE-2014-7103",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#643481", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/643481" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#643481",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/643481"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7437.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7437", "ID": "CVE-2014-7437",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#937753", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/937753" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#937753",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/937753"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2014/7xxx/CVE-2014-7994.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-7994", "ID": "CVE-2014-7994",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798" "lang": "eng",
}, "value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991."
{ }
"name" : "https://dashboard.meraki.com/firmware_security", ]
"refsource" : "CONFIRM", },
"url" : "https://dashboard.meraki.com/firmware_security" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798"
},
{
"name": "https://dashboard.meraki.com/firmware_security",
"refsource": "CONFIRM",
"url": "https://dashboard.meraki.com/firmware_security"
}
]
}
}

140
2017/0xxx/CVE-2017-0008.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0008", "ID": "CVE-2017-0008",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Internet Explorer", "product_name": "Internet Explorer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Internet Explorer 9 through 11" "version_value": "Internet Explorer 9 through 11"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008" "lang": "eng",
}, "value": "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059."
{ }
"name" : "96073", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96073" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038008", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038008" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008"
},
{
"name": "1038008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038008"
},
{
"name": "96073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96073"
}
]
}
}

132
2017/0xxx/CVE-2017-0790.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00", "DATE_PUBLIC": "2017-09-05T00:00:00",
"ID" : "CVE-2017-0790", "ID": "CVE-2017-0790",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android kernel" "version_value": "Android kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-09-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-09-01" "lang": "eng",
}, "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101."
{ }
"name" : "100655", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100655" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100655"
}
]
}
}

120
2017/18xxx/CVE-2017-18242.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18242", "ID": "CVE-2017-18242",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.libav.org/show_bug.cgi?id=1093", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.libav.org/show_bug.cgi?id=1093" "lang": "eng",
} "value": "The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.libav.org/show_bug.cgi?id=1093",
"refsource": "MISC",
"url": "https://bugzilla.libav.org/show_bug.cgi?id=1093"
}
]
}
}

130
2017/18xxx/CVE-2017-18357.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18357", "ID": "CVE-2017-18357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/" "lang": "eng",
}, "value": "Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object."
{ }
"name" : "https://demo.ripstech.com/projects/shopware_5.3.3", ]
"refsource" : "MISC", },
"url" : "https://demo.ripstech.com/projects/shopware_5.3.3" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://demo.ripstech.com/projects/shopware_5.3.3",
"refsource": "MISC",
"url": "https://demo.ripstech.com/projects/shopware_5.3.3"
},
{
"name": "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/",
"refsource": "MISC",
"url": "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/"
}
]
}
}

140
2017/1xxx/CVE-2017-1220.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2017-1220", "ID": "CVE-2017-1220",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123860", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123860" "lang": "eng",
}, "value": "IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22009673", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009673" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "101571", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101571" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "101571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101571"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22009673",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22009673"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123860",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123860"
}
]
}
}

34
2017/1xxx/CVE-2017-1260.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1260", "ID": "CVE-2017-1260",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/1xxx/CVE-2017-1288.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1288", "ID": "CVE-2017-1288",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

152
2017/1xxx/CVE-2017-1710.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-11-08T00:00:00", "DATE_PUBLIC": "2017-11-08T00:00:00",
"ID" : "CVE-2017-1710", "ID": "CVE-2017-1710",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Storwize V7000 (2076)", "product_name": "Storwize V7000 (2076)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.1" "version_value": "8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531" "lang": "eng",
}, "value": "A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "101770", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101770" "lang": "eng",
}, "value": "Gain Privileges"
{ }
"name" : "1039776", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039776" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788"
},
{
"name": "1039776",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039776"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531"
},
{
"name": "101770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101770"
}
]
}
}

288
2017/1xxx/CVE-2017-1717.json
View File

@ -1,146 +1,146 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-28T00:00:00", "DATE_PUBLIC": "2018-06-28T00:00:00",
"ID" : "CVE-2017-1717", "ID": "CVE-2017-1717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Quality Manager", "product_name": "Rational Quality Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
}, },
{ {
"version_value" : "6.0.5" "version_value": "6.0.5"
} }
] ]
} }
}, },
{ {
"product_name" : "Rational Collaborative Lifecycle Management", "product_name": "Rational Collaborative Lifecycle Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
}, },
{ {
"version_value" : "6.0.5" "version_value": "6.0.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www-prd-trops.events.ibm.com/node/715749", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www-prd-trops.events.ibm.com/node/715749" "lang": "eng",
}, "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796."
{ }
"name" : "ibm-rqm-cve20171717-xss(134796)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134796" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-rqm-cve20171717-xss(134796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134796"
},
{
"name": "https://www-prd-trops.events.ibm.com/node/715749",
"refsource": "CONFIRM",
"url": "https://www-prd-trops.events.ibm.com/node/715749"
}
]
}
}

170
2017/5xxx/CVE-2017-5099.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2017-5099", "ID": "CVE-2017-5099",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Google Chrome prior to 60.0.3112.78 for Mac", "product_name": "Google Chrome prior to 60.0.3112.78 for Mac",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Google Chrome prior to 60.0.3112.78 for Mac" "version_value": "Google Chrome prior to 60.0.3112.78 for Mac"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient validation of untrusted input"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" "lang": "eng",
}, "value": "Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page."
{ }
"name" : "https://crbug.com/733548", ]
"refsource" : "MISC", },
"url" : "https://crbug.com/733548" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3926", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3926" "lang": "eng",
}, "value": "Insufficient validation of untrusted input"
{ }
"name" : "GLSA-201709-15", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201709-15" ]
}, },
{ "references": {
"name" : "RHSA-2017:1833", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1833" "name": "https://crbug.com/733548",
}, "refsource": "MISC",
{ "url": "https://crbug.com/733548"
"name" : "99950", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99950" "name": "GLSA-201709-15",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201709-15"
} },
} {
"name": "DSA-3926",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3926"
},
{
"name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"
},
{
"name": "99950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99950"
},
{
"name": "RHSA-2017:1833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1833"
}
]
}
}

170
2017/5xxx/CVE-2017-5590.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5590", "ID": "CVE-2017-5590",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwall.com/lists/oss-security/2017/02/09/29", "description_data": [
"refsource" : "MISC", {
"url" : "http://openwall.com/lists/oss-security/2017/02/09/29" "lang": "eng",
}, "value": "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS)."
{ }
"name" : "https://github.com/ChatSecure/ChatSecure-iOS/commit/a340b4bb519227d89f85f2716a10a197a65d4856", ]
"refsource" : "MISC", },
"url" : "https://github.com/ChatSecure/ChatSecure-iOS/commit/a340b4bb519227d89f85f2716a10a197a65d4856" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bfd3", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bfd3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/", ]
"refsource" : "MISC", }
"url" : "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/" ]
}, },
{ "references": {
"name" : "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf", "reference_data": [
"refsource" : "MISC", {
"url" : "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf" "name": "https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bfd3",
}, "refsource": "MISC",
{ "url": "https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bfd3"
"name" : "96165", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96165" "name": "http://openwall.com/lists/oss-security/2017/02/09/29",
} "refsource": "MISC",
] "url": "http://openwall.com/lists/oss-security/2017/02/09/29"
} },
} {
"name": "96165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96165"
},
{
"name": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/",
"refsource": "MISC",
"url": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/"
},
{
"name": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf",
"refsource": "MISC",
"url": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf"
},
{
"name": "https://github.com/ChatSecure/ChatSecure-iOS/commit/a340b4bb519227d89f85f2716a10a197a65d4856",
"refsource": "MISC",
"url": "https://github.com/ChatSecure/ChatSecure-iOS/commit/a340b4bb519227d89f85f2716a10a197a65d4856"
}
]
}
}

148
2017/5xxx/CVE-2017-5635.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"ID" : "CVE-2017-5635", "ID": "CVE-2017-5635",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache NiFi", "product_name": "Apache NiFi",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "0.7.0" "version_value": "0.7.0"
}, },
{ {
"version_value" : "0.7.1" "version_value": "0.7.1"
}, },
{ {
"version_value" : "1.1.0" "version_value": "1.1.0"
}, },
{ {
"version_value" : "1.1.1" "version_value": "1.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the \"anonymous\" user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unauthorized Access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nifi.apache.org/security.html#CVE-2017-5635", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://nifi.apache.org/security.html#CVE-2017-5635" "lang": "eng",
}, "value": "In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the \"anonymous\" user."
{ }
"name" : "96730", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96730" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Unauthorized Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nifi.apache.org/security.html#CVE-2017-5635",
"refsource": "CONFIRM",
"url": "https://nifi.apache.org/security.html#CVE-2017-5635"
},
{
"name": "96730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96730"
}
]
}
}

172
2017/5xxx/CVE-2017-5710.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"DATE_PUBLIC" : "2017-11-20T00:00:00", "DATE_PUBLIC": "2017-11-20T00:00:00",
"ID" : "CVE-2017-5710", "ID": "CVE-2017-5710",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Trusted Execution Engine", "product_name": "Trusted Execution Engine",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.0" "version_value": "3.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr" "lang": "eng",
}, "value": "Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20171120-0001/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20171120-0001/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0" "lang": "eng",
}, "value": "Elevation of Privilege"
{ }
"name" : "https://www.synology.com/support/security/Synology_SA_17_73", ]
"refsource" : "CONFIRM", }
"url" : "https://www.synology.com/support/security/Synology_SA_17_73" ]
}, },
{ "references": {
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf" "name": "https://security.netapp.com/advisory/ntap-20171120-0001/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20171120-0001/"
"name" : "101922", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101922" "name": "101922",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/101922"
} },
} {
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_17_73",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_17_73"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
},
{
"name": "https://www.asus.com/News/wzeltG5CjYaIwGJ0",
"refsource": "CONFIRM",
"url": "https://www.asus.com/News/wzeltG5CjYaIwGJ0"
}
]
}
}

142
2017/5xxx/CVE-2017-5790.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-03-07T00:00:00", "DATE_PUBLIC": "2017-03-07T00:00:00",
"ID" : "CVE-2017-5790", "ID": "CVE-2017-5790",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intelligent Management Center (IMC) PLAT", "product_name": "Intelligent Management Center (IMC) PLAT",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.2 E0403P06" "version_value": "7.2 E0403P06"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote deserialization of untrusted data"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.tenable.com/security/research/tra-2017-12", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.tenable.com/security/research/tra-2017-12" "lang": "eng",
}, "value": "A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found."
{ }
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03710en_us", ]
"refsource" : "CONFIRM", },
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03710en_us" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96755", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96755" "lang": "eng",
} "value": "remote deserialization of untrusted data"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "96755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96755"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03710en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03710en_us"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-12",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-12"
}
]
}
}