admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:55:47 +00:00
parent 93194105c5
commit 2242acfaa2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3327 additions and 3327 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/0xxx/CVE-2006-0238.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0238", "ID": "CVE-2006-0238",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://osvdb.org/ref/22/22450-wpstats.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://osvdb.org/ref/22/22450-wpstats.txt" "lang": "eng",
}, "value": "SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter."
{ }
"name" : "http://www.lesterchan.net/blogs/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.lesterchan.net/blogs/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.lesterchan.net/blogs/archives/2006/01/18/wp-stats-sql-injection-vulnerability", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.lesterchan.net/blogs/archives/2006/01/18/wp-stats-sql-injection-vulnerability" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16241", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/16241" ]
}, },
{ "references": {
"name" : "ADV-2006-0192", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0192" "name": "http://www.lesterchan.net/blogs/archives/2006/01/18/wp-stats-sql-injection-vulnerability",
}, "refsource": "CONFIRM",
{ "url": "http://www.lesterchan.net/blogs/archives/2006/01/18/wp-stats-sql-injection-vulnerability"
"name" : "22450", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22450" "name": "http://osvdb.org/ref/22/22450-wpstats.txt",
}, "refsource": "MISC",
{ "url": "http://osvdb.org/ref/22/22450-wpstats.txt"
"name" : "18471", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18471" "name": "ADV-2006-0192",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0192"
"name" : "wpstats-script-sql-injection(24163)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24163" "name": "22450",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/22450"
} },
} {
"name": "http://www.lesterchan.net/blogs/",
"refsource": "CONFIRM",
"url": "http://www.lesterchan.net/blogs/"
},
{
"name": "wpstats-script-sql-injection(24163)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24163"
},
{
"name": "18471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18471"
},
{
"name": "16241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16241"
}
]
}
}

170
2006/3xxx/CVE-2006-3235.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3235", "ID": "CVE-2006-3235",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/06/fineshop-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/06/fineshop-vuln.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters."
{ }
"name" : "18743", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18743" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2616", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2616" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1016350", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1016350" ]
}, },
{ "references": {
"name" : "20901", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20901" "name": "http://pridels0.blogspot.com/2006/06/fineshop-vuln.html",
}, "refsource": "MISC",
{ "url": "http://pridels0.blogspot.com/2006/06/fineshop-vuln.html"
"name" : "fineshop-index-xss(27279)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27279" "name": "fineshop-index-xss(27279)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27279"
} },
} {
"name": "20901",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20901"
},
{
"name": "ADV-2006-2616",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2616"
},
{
"name": "1016350",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016350"
},
{
"name": "18743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18743"
}
]
}
}

170
2006/3xxx/CVE-2006-3514.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3514", "ID": "CVE-2006-3514",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060707 PHP-Blogger Multiple Cross Site Scripting Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/439440/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters."
{ }
"name" : "18909", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18909" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2710", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2710" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20989", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/20989" ]
}, },
{ "references": {
"name" : "1202", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1202" "name": "php-blogger-adminactions-xss(27630)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27630"
"name" : "php-blogger-adminactions-xss(27630)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27630" "name": "ADV-2006-2710",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/2710"
} },
} {
"name": "20060707 PHP-Blogger Multiple Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439440/100/0/threaded"
},
{
"name": "20989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20989"
},
{
"name": "1202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1202"
},
{
"name": "18909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18909"
}
]
}
}

220
2006/3xxx/CVE-2006-3790.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3790", "ID": "CVE-2006-3790",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with the packet size, which leads to a buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060716 Multiple vulnerabilities in UFO2000 svn 1057", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440293/100/0/threaded" "lang": "eng",
}, "value": "The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with the packet size, which leads to a buffer over-read."
{ }
"name" : "http://aluigi.altervista.org/adv/ufo2ko-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://aluigi.altervista.org/adv/ufo2ko-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log", "description": [
"refsource" : "CONFIRM", {
"url" : "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200702-10", ]
"refsource" : "GENTOO", }
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200702-10.xml" ]
}, },
{ "references": {
"name" : "19035", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19035" "name": "1016503",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016503"
"name" : "ADV-2006-2837", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2837" "name": "20060716 Multiple vulnerabilities in UFO2000 svn 1057",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/440293/100/0/threaded"
"name" : "1016503", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016503" "name": "1259",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1259"
"name" : "21091", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21091" "name": "ufo2000-decodestringmap-dos(27800)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27800"
"name" : "24297", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24297" "name": "24297",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/24297"
"name" : "1259", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1259" "name": "21091",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21091"
"name" : "ufo2000-decodestringmap-dos(27800)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27800" "name": "GLSA-200702-10",
} "refsource": "GENTOO",
] "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-10.xml"
} },
} {
"name": "ADV-2006-2837",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2837"
},
{
"name": "19035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19035"
},
{
"name": "http://aluigi.altervista.org/adv/ufo2ko-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/ufo2ko-adv.txt"
},
{
"name": "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log",
"refsource": "CONFIRM",
"url": "http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_transport.cpp?view=log"
}
]
}
}

190
2006/3xxx/CVE-2006-3875.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2006-3875", "ID": "CVE-2006-3875",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBST02161", "description_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867."
{ }
"name" : "SSRT061264", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS06-059", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#252500", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/252500" ]
}, },
{ "references": {
"name" : "20391", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20391" "name": "oval:org.mitre.oval:def:486",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A486"
"name" : "ADV-2006-3978", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3978" "name": "20391",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20391"
"name" : "oval:org.mitre.oval:def:486", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A486" "name": "SSRT061264",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
"name" : "1017031", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017031" "name": "VU#252500",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/252500"
} },
} {
"name": "MS06-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059"
},
{
"name": "1017031",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017031"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3978",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3978"
}
]
}
}

170
2006/3xxx/CVE-2006-3974.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2006-3974", "ID": "CVE-2006-3974",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://secunia.com/secunia_research/2006-60/advisory/", "description_data": [
"refsource" : "MISC", {
"url" : "http://secunia.com/secunia_research/2006-60/advisory/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter."
{ }
"name" : "24374", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24374" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-2103", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2103" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36888", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/36888" ]
}, },
{ "references": {
"name" : "21255", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21255" "name": "http://secunia.com/secunia_research/2006-60/advisory/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2006-60/advisory/"
"name" : "3com-officeconnect-tk-xss(34776)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34776" "name": "21255",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21255"
} },
} {
"name": "24374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24374"
},
{
"name": "ADV-2007-2103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2103"
},
{
"name": "3com-officeconnect-tk-xss(34776)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34776"
},
{
"name": "36888",
"refsource": "OSVDB",
"url": "http://osvdb.org/36888"
}
]
}
}

140
2006/4xxx/CVE-2006-4213.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4213", "ID": "CVE-2006-4213",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2166", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2166" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter."
{ }
"name" : "ADV-2006-3257", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/3257" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "thatware-config-file-include(28313)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28313" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "2166",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2166"
},
{
"name": "ADV-2006-3257",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3257"
},
{
"name": "thatware-config-file-include(28313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28313"
}
]
}
}

160
2006/4xxx/CVE-2006-4613.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4613", "ID": "CVE-2006-4613",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cyberguard.info/snapgear/releases.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cyberguard.info/snapgear/releases.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018."
{ }
"name" : "19805", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19805" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21707", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21707" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "snapgear-unspecified-clamav-dos(28705)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28705" ]
}, },
{ "references": {
"name" : "snapgear-unspecified-replay-dos(28702)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28702" "name": "19805",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19805"
} },
} {
"name": "snapgear-unspecified-clamav-dos(28705)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28705"
},
{
"name": "21707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21707"
},
{
"name": "http://www.cyberguard.info/snapgear/releases.html",
"refsource": "CONFIRM",
"url": "http://www.cyberguard.info/snapgear/releases.html"
},
{
"name": "snapgear-unspecified-replay-dos(28702)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28702"
}
]
}
}

200
2006/4xxx/CVE-2006-4670.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4670", "ID": "CVE-2006-4670",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Gallery 1.52 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) includes/cart.inc.php or (2) extras/ext_cats.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060908 PhotoKorn Gallery => 1.52 (dir_path) Remote File Inclusion Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/445582/100/0/threaded" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Gallery 1.52 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) includes/cart.inc.php or (2) extras/ext_cats.php."
{ }
"name" : "20060907 PhotoKorn Gallery => 1.52 (dir_path) Remote File Inclusion Exploit", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-09/0119.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2327", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2327" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19914", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19914" ]
}, },
{ "references": {
"name" : "ADV-2006-3520", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3520" "name": "photokorn-dirpath-file-include(28811)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28811"
"name" : "28601", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28601" "name": "ADV-2006-3520",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3520"
"name" : "28602", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28602" "name": "20060907 PhotoKorn Gallery => 1.52 (dir_path) Remote File Inclusion Exploit",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2006-09/0119.html"
"name" : "21796", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21796" "name": "21796",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21796"
"name" : "photokorn-dirpath-file-include(28811)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28811" "name": "28601",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/28601"
} },
} {
"name": "19914",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19914"
},
{
"name": "28602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28602"
},
{
"name": "20060908 PhotoKorn Gallery => 1.52 (dir_path) Remote File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445582/100/0/threaded"
},
{
"name": "2327",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2327"
}
]
}
}

120
2006/6xxx/CVE-2006-6466.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6466", "ID": "CVE-2006-6466",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: CVE disputes the l vector because l is validated by ctype_alpha before use."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2006-4823", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4823" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: CVE disputes the l vector because l is validated by ctype_alpha before use."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4823",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4823"
}
]
}
}

120
2006/7xxx/CVE-2006-7223.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-7223", "ID": "CVE-2006-7223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://jira.xwiki.org/jira/browse/XWIKI-366", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://jira.xwiki.org/jira/browse/XWIKI-366" "lang": "eng",
} "value": "PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jira.xwiki.org/jira/browse/XWIKI-366",
"refsource": "CONFIRM",
"url": "http://jira.xwiki.org/jira/browse/XWIKI-366"
}
]
}
}

150
2010/2xxx/CVE-2010-2125.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2125", "ID": "CVE-2010-2125",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with \"create rotor item\" or \"edit any rotor item\" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/803930", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/803930" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with \"create rotor item\" or \"edit any rotor item\" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute."
{ }
"name" : "64770", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/64770" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39883", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39883" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "rotorbanner-image-xss(58719)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58719" ]
} },
] "references": {
} "reference_data": [
} {
"name": "64770",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64770"
},
{
"name": "39883",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39883"
},
{
"name": "http://drupal.org/node/803930",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/803930"
},
{
"name": "rotorbanner-image-xss(58719)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58719"
}
]
}
}

190
2010/2xxx/CVE-2010-2337.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2010-2337", "ID": "CVE-2010-2337",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100721 ESA-2010-011: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSAR Federated Identity Manager", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-07/0187.html" "lang": "eng",
}, "value": "Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors."
{ }
"name" : "https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692", ]
"refsource" : "CONFIRM", },
"url" : "https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "41850", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/41850" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "66504", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/66504" ]
}, },
{ "references": {
"name" : "1024239", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024239" "name": "1024239",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024239"
"name" : "40704", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40704" "name": "20100721 ESA-2010-011: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSAR Federated Identity Manager",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2010-07/0187.html"
"name" : "ADV-2010-1880", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1880" "name": "40704",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40704"
"name" : "rsa-redirection-weak-security(60564)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60564" "name": "41850",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/41850"
} },
} {
"name": "https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692",
"refsource": "CONFIRM",
"url": "https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692"
},
{
"name": "66504",
"refsource": "OSVDB",
"url": "http://osvdb.org/66504"
},
{
"name": "ADV-2010-1880",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1880"
},
{
"name": "rsa-redirection-weak-security(60564)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60564"
}
]
}
}

34
2010/2xxx/CVE-2010-2780.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2780", "ID": "CVE-2010-2780",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2010/3xxx/CVE-2010-3522.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-3522", "ID": "CVE-2010-3522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect confidentiality via unknown vectors."
{ }
"name" : "TA10-287A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

200
2011/0xxx/CVE-2011-0592.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-0592", "ID": "CVE-2011-0592",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to \"Texture bmp,\" a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-068/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-068/" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to \"Texture bmp,\" a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600."
{ }
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2011:0301", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "46210", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/46210" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:11819", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11819" "name": "ADV-2011-0492",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0492"
"name" : "1025033", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025033" "name": "43470",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43470"
"name" : "43470", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43470" "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-068/",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-068/"
"name" : "ADV-2011-0337", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0337" "name": "RHSA-2011:0301",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
"name" : "ADV-2011-0492", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0492" "name": "46210",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/46210"
} },
} {
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "oval:org.mitre.oval:def:11819",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11819"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
}
]
}
}

240
2011/0xxx/CVE-2011-0788.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-0788", "ID": "CVE-2011-0788",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786."
{ }
"name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBUX02697", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT100591", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" ]
}, },
{ "references": {
"name" : "HPSBMU02797", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" "name": "HPSBMU02799",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
"name" : "SSRT100867", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" "name": "oval:org.mitre.oval:def:14568",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14568"
"name" : "HPSBMU02799", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" "name": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html"
"name" : "SUSE-SA:2011:030", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html" "name": "oval:org.mitre.oval:def:14140",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14140"
"name" : "SUSE-SU-2011:0807", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html" "name": "44930",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44930"
"name" : "openSUSE-SU-2011:0633", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html" "name": "SUSE-SA:2011:030",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html"
"name" : "oval:org.mitre.oval:def:14140", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14140" "name": "SSRT100591",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
"name" : "oval:org.mitre.oval:def:14568", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14568" "name": "SSRT100867",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
"name" : "44930", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44930" "name": "SUSE-SU-2011:0807",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html"
} },
} {
"name": "openSUSE-SU-2011:0633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html"
},
{
"name": "HPSBUX02697",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
}
]
}
}

160
2011/1xxx/CVE-2011-1169.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1169", "ID": "CVE-2011-1169",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of service (memory corruption) or possibly gain privileges via a crafted adapter index value that triggers access to an invalid kernel pointer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110318 CVE request: kernel: AudioScience HPI driver", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/03/18/1" "lang": "eng",
}, "value": "Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of service (memory corruption) or possibly gain privileges via a crafted adapter index value that triggers access to an invalid kernel pointer."
{ }
"name" : "[oss-security] 20110318 Re: CVE request: kernel: AudioScience HPI driver", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/03/18/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=4a122c10fbfe9020df469f0f669da129c5757671", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=4a122c10fbfe9020df469f0f669da129c5757671" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.1", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.1" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688898", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688898" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=688898",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688898"
} },
} {
"name": "[oss-security] 20110318 CVE request: kernel: AudioScience HPI driver",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/18/1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=4a122c10fbfe9020df469f0f669da129c5757671",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=4a122c10fbfe9020df469f0f669da129c5757671"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.1"
},
{
"name": "[oss-security] 20110318 Re: CVE request: kernel: AudioScience HPI driver",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/18/2"
}
]
}
}

130
2011/1xxx/CVE-2011-1370.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1370", "ID": "CVE-2011-1370",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21569452", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21569452" "lang": "eng",
}, "value": "The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message."
{ }
"name" : "lotussametime-configserv-info-disclosure(70923)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70923" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotussametime-configserv-info-disclosure(70923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70923"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21569452",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21569452"
}
]
}
}

180
2011/1xxx/CVE-2011-1426.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1426", "ID": "CVE-2011-1426",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110412 ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/517470/100/0/threaded" "lang": "eng",
}, "value": "The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file."
{ }
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-122/", ]
"refsource" : "MISC", },
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-122/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://service.real.com/realplayer/security/04122011_player/en/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://service.real.com/realplayer/security/04122011_player/en/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "47335", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/47335" ]
}, },
{ "references": {
"name" : "1025351", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025351" "name": "20110412 ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/517470/100/0/threaded"
"name" : "ADV-2011-0979", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0979" "name": "http://service.real.com/realplayer/security/04122011_player/en/",
}, "refsource": "CONFIRM",
{ "url": "http://service.real.com/realplayer/security/04122011_player/en/"
"name" : "realplayer-openurlindefaultbrowser-code-exe(66728)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66728" "name": "1025351",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1025351"
} },
} {
"name": "ADV-2011-0979",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0979"
},
{
"name": "realplayer-openurlindefaultbrowser-code-exe(66728)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66728"
},
{
"name": "47335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47335"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-122/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-122/"
}
]
}
}

150
2011/1xxx/CVE-2011-1441.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1441", "ID": "CVE-2011-1441",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=75347", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=75347" "lang": "eng",
}, "value": "Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14646", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14646" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "chrome-select-lists-code-exec(67148)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67148" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=75347",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=75347"
},
{
"name": "oval:org.mitre.oval:def:14646",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14646"
},
{
"name": "chrome-select-lists-code-exec(67148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67148"
}
]
}
}

34
2011/1xxx/CVE-2011-1497.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1497", "ID": "CVE-2011-1497",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2011/4xxx/CVE-2011-4754.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4754", "ID": "CVE-2011-4754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/app/available/id/apscatalog/ and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/app/available/id/apscatalog/ and certain other files."
{ }
"name" : "ppsbp-apscatalog-xss(72206)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72206" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html"
},
{
"name": "ppsbp-apscatalog-xss(72206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72206"
}
]
}
}

120
2011/4xxx/CVE-2011-4882.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2011-4882", "ID": "CVE-2011-4882",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to cause a denial of service (application exit) via an unspecified command in an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf" "lang": "eng",
} "value": "The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to cause a denial of service (application exit) via an unspecified command in an HTTP request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf"
}
]
}
}

34
2011/4xxx/CVE-2011-4935.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-4935", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-4935",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0821. Reason: This candidate is a reservation duplicate of CVE-2012-0821. Notes: All CVE users should reference CVE-2012-0821 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0821. Reason: This candidate is a reservation duplicate of CVE-2012-0821. Notes: All CVE users should reference CVE-2012-0821 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

170
2011/5xxx/CVE-2011-5034.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5034", "ID": "CVE-2011-5034",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" "lang": "eng",
}, "value": "Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461."
{ }
"name" : "http://www.nruns.com/_downloads/advisory28122011.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.nruns.com/_downloads/advisory28122011.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ocert.org/advisories/ocert-2011-003.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.ocert.org/advisories/ocert-2011-003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py", ]
"refsource" : "MISC", }
"url" : "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py" ]
}, },
{ "references": {
"name" : "VU#903934", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/903934" "name": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py",
}, "refsource": "MISC",
{ "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
"name" : "47412", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47412" "name": "http://www.nruns.com/_downloads/advisory28122011.pdf",
} "refsource": "MISC",
] "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
} },
} {
"name": "47412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47412"
},
{
"name": "VU#903934",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/903934"
},
{
"name": "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2011-003.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2011-003.html"
}
]
}
}

120
2011/5xxx/CVE-2011-5123.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5123", "ID": "CVE-2011-5123",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://personalfirewall.comodo.com/release_notes.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://personalfirewall.comodo.com/release_notes.html" "lang": "eng",
} "value": "The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://personalfirewall.comodo.com/release_notes.html",
"refsource": "CONFIRM",
"url": "http://personalfirewall.comodo.com/release_notes.html"
}
]
}
}

130
2014/2xxx/CVE-2014-2342.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-2342", "ID": "CVE-2014-2342",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01" "lang": "eng",
}, "value": "Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet."
{ }
"name" : "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new", ]
"refsource" : "MISC", },
"url" : "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new",
"refsource": "MISC",
"url": "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01"
}
]
}
}

160
2014/3xxx/CVE-2014-3691.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3691", "ID": "CVE-2014-3691",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://projects.theforeman.org/issues/7822", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://projects.theforeman.org/issues/7822" "lang": "eng",
}, "value": "Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate."
{ }
"name" : "https://github.com/theforeman/smart-proxy/pull/217", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/theforeman/smart-proxy/pull/217" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://groups.google.com/forum/#!topic/foreman-announce/jXC5ixybjqo", "description": [
"refsource" : "CONFIRM", {
"url" : "https://groups.google.com/forum/#!topic/foreman-announce/jXC5ixybjqo" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2015:0287", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0287.html" ]
}, },
{ "references": {
"name" : "RHSA-2015:0288", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0288.html" "name": "https://github.com/theforeman/smart-proxy/pull/217",
} "refsource": "CONFIRM",
] "url": "https://github.com/theforeman/smart-proxy/pull/217"
} },
} {
"name": "http://projects.theforeman.org/issues/7822",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/7822"
},
{
"name": "RHSA-2015:0287",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0287.html"
},
{
"name": "RHSA-2015:0288",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0288.html"
},
{
"name": "https://groups.google.com/forum/#!topic/foreman-announce/jXC5ixybjqo",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/foreman-announce/jXC5ixybjqo"
}
]
}
}

34
2014/3xxx/CVE-2014-3718.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3718", "ID": "CVE-2014-3718",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2014/3xxx/CVE-2014-3754.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3754", "ID": "CVE-2014-3754",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2014/3xxx/CVE-2014-3992.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3992", "ID": "CVE-2014-3992",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/127389/Dolibarr-CMS-3.5.3-SQL-Injection-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/127389/Dolibarr-CMS-3.5.3-SQL-Injection-Cross-Site-Scripting.html" "lang": "eng",
} "value": "Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127389/Dolibarr-CMS-3.5.3-SQL-Injection-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127389/Dolibarr-CMS-3.5.3-SQL-Injection-Cross-Site-Scripting.html"
}
]
}
}

190
2014/6xxx/CVE-2014-6041.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6041", "ID": "CVE-2014-6041",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \\u0000 character, as demonstrated by an onclick=\"window.open('\\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html" "lang": "eng",
}, "value": "The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \\u0000 character, as demonstrated by an onclick=\"window.open('\\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser."
{ }
"name" : "https://community.rapid7.com/community/metasploit/blog/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041", ]
"refsource" : "MISC", },
"url" : "https://community.rapid7.com/community/metasploit/blog/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://news.ycombinator.com/item?id=8321185", "description": [
"refsource" : "MISC", {
"url" : "https://news.ycombinator.com/item?id=8321185" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://android.googlesource.com/platform/external/webkit/+/1368e05e8875f00e8d2529fe6050d08b55ea4d87", ]
"refsource" : "CONFIRM", }
"url" : "https://android.googlesource.com/platform/external/webkit/+/1368e05e8875f00e8d2529fe6050d08b55ea4d87" ]
}, },
{ "references": {
"name" : "https://android.googlesource.com/platform/external/webkit/+/7e4405a7a12750ee27325f065b9825c25b40598c", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/external/webkit/+/7e4405a7a12750ee27325f065b9825c25b40598c" "name": "69548",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/69548"
"name" : "https://news.ycombinator.com/item?id=8325807", },
"refsource" : "CONFIRM", {
"url" : "https://news.ycombinator.com/item?id=8325807" "name": "http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html",
}, "refsource": "MISC",
{ "url": "http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html"
"name" : "69548", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/69548" "name": "https://news.ycombinator.com/item?id=8325807",
}, "refsource": "CONFIRM",
{ "url": "https://news.ycombinator.com/item?id=8325807"
"name" : "google-android-cve20146041-sec-bypass(95693)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95693" "name": "https://android.googlesource.com/platform/external/webkit/+/1368e05e8875f00e8d2529fe6050d08b55ea4d87",
} "refsource": "CONFIRM",
] "url": "https://android.googlesource.com/platform/external/webkit/+/1368e05e8875f00e8d2529fe6050d08b55ea4d87"
} },
} {
"name": "https://community.rapid7.com/community/metasploit/blog/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/metasploit/blog/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041"
},
{
"name": "https://android.googlesource.com/platform/external/webkit/+/7e4405a7a12750ee27325f065b9825c25b40598c",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/webkit/+/7e4405a7a12750ee27325f065b9825c25b40598c"
},
{
"name": "google-android-cve20146041-sec-bypass(95693)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95693"
},
{
"name": "https://news.ycombinator.com/item?id=8321185",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=8321185"
}
]
}
}

150
2014/6xxx/CVE-2014-6076.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-6076", "ID": "CVE-2014-6076",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475" "lang": "eng",
}, "value": "IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site."
{ }
"name" : "IV67358", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IV67581", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ibm-sam-cve20146076-clickjacking(95729)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95729" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475"
},
{
"name": "IV67358",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358"
},
{
"name": "ibm-sam-cve20146076-clickjacking(95729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95729"
},
{
"name": "IV67581",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581"
}
]
}
}

140
2014/6xxx/CVE-2014-6214.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-6214", "ID": "CVE-2014-6214",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697213", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697213" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
{ }
"name" : "PI34987", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031880", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031880" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"name": "1031880",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031880"
},
{
"name": "PI34987",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987"
}
]
}
}

34
2014/6xxx/CVE-2014-6441.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6441", "ID": "CVE-2014-6441",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/6xxx/CVE-2014-6679.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6679", "ID": "CVE-2014-6679",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#374817", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/374817" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#374817",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/374817"
}
]
}
}

150
2014/7xxx/CVE-2014-7181.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7181", "ID": "CVE-2014-7181",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141015 Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/533700/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page."
{ }
"name" : "http://packetstormsecurity.com/files/128693/WordPress-MaxButtons-1.26.0-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/128693/WordPress-MaxButtons-1.26.0-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.htbridge.com/advisory/HTB23237", "description": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23237" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://wordpress.org/plugins/maxbuttons/changelog", ]
"refsource" : "CONFIRM", }
"url" : "https://wordpress.org/plugins/maxbuttons/changelog" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://packetstormsecurity.com/files/128693/WordPress-MaxButtons-1.26.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128693/WordPress-MaxButtons-1.26.0-Cross-Site-Scripting.html"
},
{
"name": "20141015 Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533700/100/0/threaded"
},
{
"name": "https://wordpress.org/plugins/maxbuttons/changelog",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/maxbuttons/changelog"
},
{
"name": "https://www.htbridge.com/advisory/HTB23237",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23237"
}
]
}
}

34
2014/7xxx/CVE-2014-7514.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-7514", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-7514",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

140
2014/7xxx/CVE-2014-7718.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7718", "ID": "CVE-2014-7718",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Travel+Leisure (aka com.magzter.travelleisure) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Travel+Leisure (aka com.magzter.travelleisure) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#406409", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/406409" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#406409",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/406409"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/8xxx/CVE-2014-8720.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8720", "ID": "CVE-2014-8720",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2016/2xxx/CVE-2016-2139.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2139", "ID": "CVE-2016-2139",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2016/2xxx/CVE-2016-2281.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-2281", "ID": "CVE-2016-2281",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-077-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-077-01" "lang": "eng",
} "value": "Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-077-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-077-01"
}
]
}
}

130
2017/18xxx/CVE-2017-18326.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2017-18326", "ID": "CVE-2017-18326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016" "version_value": "MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure in Modem"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.qualcomm.com/company/product-security/bulletins", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.qualcomm.com/company/product-security/bulletins" "lang": "eng",
}, "value": "Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016."
{ }
"name" : "106128", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106128" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information Exposure in Modem"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "106128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106128"
}
]
}
}

34
2017/1xxx/CVE-2017-1392.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1392", "ID": "CVE-2017-1392",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

208
2017/1xxx/CVE-2017-1462.json
View File

@ -1,106 +1,106 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-02-15T00:00:00", "DATE_PUBLIC": "2018-02-15T00:00:00",
"ID" : "CVE-2017-1462", "ID": "CVE-2017-1462",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Rhapsody Design Manager", "product_name": "Rational Rhapsody Design Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
} }
] ]
} }
}, },
{ {
"product_name" : "Rational Rhapsody Design Manager ", "product_name": "Rational Rhapsody Design Manager ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128461."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128461", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128461" "lang": "eng",
}, "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128461."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22013739", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22013739" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103127", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103127" "lang": "eng",
}, "value": "Cross-Site Scripting"
{ }
"name" : "1040393", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1040393" ]
} },
] "references": {
} "reference_data": [
} {
"name": "103127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103127"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013739",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013739"
},
{
"name": "1040393",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040393"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128461",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128461"
}
]
}
}

132
2017/1xxx/CVE-2017-1477.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-11-03T00:00:00", "DATE_PUBLIC": "2017-11-03T00:00:00",
"ID" : "CVE-2017-1477", "ID": "CVE-2017-1477",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Security Access Manager", "product_name": "Security Access Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.3" "version_value": "9.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128612", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128612" "lang": "eng",
}, "value": "IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22009240", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009240" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128612",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128612"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22009240",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22009240"
}
]
}
}

34
2017/1xxx/CVE-2017-1939.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1939", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1939",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

140
2017/5xxx/CVE-2017-5004.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2017-5004", "ID": "CVE-2017-5004",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels", "product_name": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels" "version_value": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reflected Cross Site Scripting Vulnerabilities and Stored Cross Site Scripting Vulnerabilities"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securityfocus.com/archive/1/540693/30/0/threaded", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.securityfocus.com/archive/1/540693/30/0/threaded" "lang": "eng",
}, "value": "EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system."
{ }
"name" : "98968", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98968" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038648", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038648" "lang": "eng",
} "value": "Reflected Cross Site Scripting Vulnerabilities and Stored Cross Site Scripting Vulnerabilities"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038648",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038648"
},
{
"name": "98968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98968"
},
{
"name": "http://www.securityfocus.com/archive/1/540693/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540693/30/0/threaded"
}
]
}
}

180
2017/5xxx/CVE-2017-5111.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2017-5111", "ID": "CVE-2017-5111",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Google Chrome prior to 61.0.3163.79 for Linux, Windows and Mac", "product_name": "Google Chrome prior to 61.0.3163.79 for Linux, Windows and Mac",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Google Chrome prior to 61.0.3163.79 for Linux, Windows and Mac" "version_value": "Google Chrome prior to 61.0.3163.79 for Linux, Windows and Mac"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html" "lang": "eng",
}, "value": "A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file."
{ }
"name" : "https://crbug.com/737023", ]
"refsource" : "MISC", },
"url" : "https://crbug.com/737023" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3985", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3985" "lang": "eng",
}, "value": "Use after free"
{ }
"name" : "GLSA-201709-15", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201709-15" ]
}, },
{ "references": {
"name" : "RHSA-2017:2676", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2676" "name": "GLSA-201709-15",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201709-15"
"name" : "100610", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100610" "name": "RHSA-2017:2676",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2676"
"name" : "1039291", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039291" "name": "1039291",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1039291"
} },
} {
"name": "100610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100610"
},
{
"name": "DSA-3985",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3985"
},
{
"name": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/737023",
"refsource": "MISC",
"url": "https://crbug.com/737023"
}
]
}
}

130
2017/5xxx/CVE-2017-5159.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-5159", "ID": "CVE-2017-5159",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Phoenix Contact mGuard 8.4.0", "product_name": "Phoenix Contact mGuard 8.4.0",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Phoenix Contact mGuard 8.4.0" "version_value": "Phoenix Contact mGuard 8.4.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Phoenix Contact mGuard default admin password"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01" "lang": "eng",
}, "value": "An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value."
{ }
"name" : "95648", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95648" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Phoenix Contact mGuard default admin password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95648"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01"
}
]
}
}