admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:08:08 +00:00
parent 0b40206b12
commit 2773bf8b4c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3616 additions and 3616 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
2006/2xxx/CVE-2006-2125.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2125",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3779. Reason: This candidate is a duplicate of CVE-2005-3779. Notes: All CVE users should reference CVE-2005-3779 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-2125",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3779. Reason: This candidate is a duplicate of CVE-2005-3779. Notes: All CVE users should reference CVE-2005-3779 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

168
2006/2xxx/CVE-2006-2612.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the \"User Name\" field on the login prompt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060521 Novell Client login form enables reading and writing from and to the clipboard of the logged-in user",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434704/100/0/threaded"
},
{
"name" : "20060522 Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434724/100/0/threaded"
},
{
"name" : "25760",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25760"
},
{
"name" : "20194",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20194"
},
{
"name" : "961",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/961"
},
{
"name" : "novell-client-clipboard-leak(26595)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26595"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the \"User Name\" field on the login prompt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20194"
},
{
"name": "20060521 Novell Client login form enables reading and writing from and to the clipboard of the logged-in user",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434704/100/0/threaded"
},
{
"name": "25760",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25760"
},
{
"name": "961",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/961"
},
{
"name": "20060522 Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434724/100/0/threaded"
},
{
"name": "novell-client-clipboard-leak(26595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26595"
}
]
}
}

148
2006/2xxx/CVE-2006-2796.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2796",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060521 Captivate 1.0 - XSS Vuln",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0413.html"
},
{
"name" : "18072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18072"
},
{
"name" : "1020",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1020"
},
{
"name" : "captivate-gallery-xss(26589)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26589"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18072"
},
{
"name": "1020",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1020"
},
{
"name": "20060521 Captivate 1.0 - XSS Vuln",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0413.html"
},
{
"name": "captivate-gallery-xss(26589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26589"
}
]
}
}

168
2006/3xxx/CVE-2006-3369.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060703 5 php scripts remote database password disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438964/100/0/threaded"
},
{
"name" : "18816",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18816"
},
{
"name" : "ADV-2006-2662",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2662"
},
{
"name" : "20918",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20918"
},
{
"name" : "1192",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1192"
},
{
"name" : "kamikazeqscm-config-information-disclosure(27575)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27575"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2662",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2662"
},
{
"name": "18816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18816"
},
{
"name": "1192",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1192"
},
{
"name": "20918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20918"
},
{
"name": "20060703 5 php scripts remote database password disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438964/100/0/threaded"
},
{
"name": "kamikazeqscm-config-information-disclosure(27575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27575"
}
]
}
}

178
2006/3xxx/CVE-2006-3506.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to \"processing a path name.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-08-17",
"refsource" : "APPLE",
"url" : "http://docs.info.apple.com/article.html?artnum=304188"
},
{
"name" : "VU#737204",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/737204"
},
{
"name" : "19579",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19579"
},
{
"name" : "ADV-2006-3315",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3315"
},
{
"name" : "27994",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27994"
},
{
"name" : "1016711",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016711"
},
{
"name" : "21551",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21551"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to \"processing a path name.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-17",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=304188"
},
{
"name": "ADV-2006-3315",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3315"
},
{
"name": "27994",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27994"
},
{
"name": "19579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19579"
},
{
"name": "21551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21551"
},
{
"name": "VU#737204",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/737204"
},
{
"name": "1016711",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016711"
}
]
}
}

218
2006/3xxx/CVE-2006-3527.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in BosClassifieds Classified Ads allow remote attackers to execute arbitrary PHP code via a URL in the insPath parameter to (1) index.php, (2) recent.php, (3) account.php, (4) classified.php, or (5) search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.jaascois.com/exploits/18602018/",
"refsource" : "MISC",
"url" : "http://www.jaascois.com/exploits/18602018/"
},
{
"name" : "18883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18883"
},
{
"name" : "ADV-2006-2807",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2807"
},
{
"name" : "27314",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27314"
},
{
"name" : "27315",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27315"
},
{
"name" : "27316",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27316"
},
{
"name" : "27317",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27317"
},
{
"name" : "27318",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27318"
},
{
"name" : "1016447",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016447"
},
{
"name" : "21056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21056"
},
{
"name" : "bosclassifieds-multiple-scripts-file-include(27662)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27662"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in BosClassifieds Classified Ads allow remote attackers to execute arbitrary PHP code via a URL in the insPath parameter to (1) index.php, (2) recent.php, (3) account.php, (4) classified.php, or (5) search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27315",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27315"
},
{
"name": "27314",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27314"
},
{
"name": "27317",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27317"
},
{
"name": "27316",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27316"
},
{
"name": "ADV-2006-2807",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2807"
},
{
"name": "1016447",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016447"
},
{
"name": "http://www.jaascois.com/exploits/18602018/",
"refsource": "MISC",
"url": "http://www.jaascois.com/exploits/18602018/"
},
{
"name": "27318",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27318"
},
{
"name": "18883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18883"
},
{
"name": "21056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21056"
},
{
"name": "bosclassifieds-multiple-scripts-file-include(27662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27662"
}
]
}
}

148
2006/3xxx/CVE-2006-3983.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2095",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2095"
},
{
"name" : "19259",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19259"
},
{
"name" : "ADV-2006-3087",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3087"
},
{
"name" : "phpreactor-editprofile-file-include(28100)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28100"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19259"
},
{
"name": "phpreactor-editprofile-file-include(28100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28100"
},
{
"name": "2095",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2095"
},
{
"name": "ADV-2006-3087",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3087"
}
]
}
}

208
2006/4xxx/CVE-2006-4758.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4758",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060911 ShAnKaR: multiple PHP application poison NULL byte vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445788/100/0/threaded"
},
{
"name" : "http://www.security.nnov.ru/Odocument221.html",
"refsource" : "MISC",
"url" : "http://www.security.nnov.ru/Odocument221.html"
},
{
"name" : "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624",
"refsource" : "MISC",
"url" : "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120"
},
{
"name" : "DSA-1488",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1488"
},
{
"name" : "20347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20347"
},
{
"name" : "21806",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21806"
},
{
"name" : "22188",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22188"
},
{
"name" : "28871",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28871"
},
{
"name" : "phpbb-nullbyte-file-upload(28884)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20347"
},
{
"name": "20060911 ShAnKaR: multiple PHP application poison NULL byte vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120"
},
{
"name": "28871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28871"
},
{
"name": "phpbb-nullbyte-file-upload(28884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884"
},
{
"name": "21806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"name": "http://www.security.nnov.ru/Odocument221.html",
"refsource": "MISC",
"url": "http://www.security.nnov.ru/Odocument221.html"
},
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624",
"refsource": "MISC",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624"
},
{
"name": "22188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22188"
}
]
}
}

158
2006/4xxx/CVE-2006-4779.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4779",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2353",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2353"
},
{
"name" : "19979",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19979"
},
{
"name" : "ADV-2006-3571",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3571"
},
{
"name" : "21882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21882"
},
{
"name" : "vitrax-functionsportal-file-include(28889)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28889"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21882"
},
{
"name": "vitrax-functionsportal-file-include(28889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28889"
},
{
"name": "2353",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2353"
},
{
"name": "19979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19979"
},
{
"name": "ADV-2006-3571",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3571"
}
]
}
}

168
2006/6xxx/CVE-2006-6108.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#61543834",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2361543834/index.html"
},
{
"name" : "21146",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21146/info"
},
{
"name" : "ADV-2006-4583",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4583"
},
{
"name" : "1017277",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017277"
},
{
"name" : "22925",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22925"
},
{
"name" : "eccube-unspecified-xss(30526)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30526"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22925"
},
{
"name": "1017277",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017277"
},
{
"name": "eccube-unspecified-xss(30526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30526"
},
{
"name": "JVN#61543834",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2361543834/index.html"
},
{
"name": "21146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21146/info"
},
{
"name": "ADV-2006-4583",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4583"
}
]
}
}

32
2006/6xxx/CVE-2006-6114.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6114",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-5854. Reason: This candidate is a duplicate of CVE-2006-5854. Notes: All CVE users should reference CVE-2006-5854 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-6114",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-5854. Reason: This candidate is a duplicate of CVE-2006-5854. Notes: All CVE users should reference CVE-2006-5854 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

168
2006/6xxx/CVE-2006-6607.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6607",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21251069",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21251069"
},
{
"name" : "21570",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21570"
},
{
"name" : "ADV-2006-4989",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4989"
},
{
"name" : "1017380",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017380"
},
{
"name" : "23359",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23359"
},
{
"name" : "tivoli-truststorepassword-info-disclosure(30865)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30865"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21570"
},
{
"name": "23359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23359"
},
{
"name": "1017380",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017380"
},
{
"name": "ADV-2006-4989",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4989"
},
{
"name": "tivoli-truststorepassword-info-disclosure(30865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30865"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21251069",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21251069"
}
]
}
}

348
2006/6xxx/CVE-2006-6696.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6696",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061221 Microsoft Windows XP/2003/Vista memory corruption 0day",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455061/100/0/threaded"
},
{
"name" : "20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455104/100/0/threaded"
},
{
"name" : "20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memorycorruption 0day",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455088/100/0/threaded"
},
{
"name" : "20061222 Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455158/100/0/threaded"
},
{
"name" : "20061230 csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455546/100/0/threaded"
},
{
"name" : "20061221 Microsoft Windows XP/2003/Vista memory corruption 0day",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html"
},
{
"name" : "http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html",
"refsource" : "MISC",
"url" : "http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html"
},
{
"name" : "http://www.security.nnov.ru/Gnews944.html",
"refsource" : "MISC",
"url" : "http://www.security.nnov.ru/Gnews944.html"
},
{
"name" : "http://www.security.nnov.ru/files/messagebox.c",
"refsource" : "MISC",
"url" : "http://www.security.nnov.ru/files/messagebox.c"
},
{
"name" : "http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff",
"refsource" : "MISC",
"url" : "http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff"
},
{
"name" : "http://www.kuban.ru/forum_new/forum2/files/19124.html",
"refsource" : "MISC",
"url" : "http://www.kuban.ru/forum_new/forum2/files/19124.html"
},
{
"name" : "http://isc.sans.org/diary.php?n&storyid=1965",
"refsource" : "MISC",
"url" : "http://isc.sans.org/diary.php?n&storyid=1965"
},
{
"name" : "http://research.eeye.com/html/alerts/zeroday/20061215.html",
"refsource" : "MISC",
"url" : "http://research.eeye.com/html/alerts/zeroday/20061215.html"
},
{
"name" : "http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx"
},
{
"name" : "HPSBST02208",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
},
{
"name" : "SSRT071365",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
},
{
"name" : "MS07-021",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"
},
{
"name" : "21688",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21688"
},
{
"name" : "23324",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23324"
},
{
"name" : "ADV-2006-5120",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5120"
},
{
"name" : "ADV-2007-1325",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1325"
},
{
"name" : "oval:org.mitre.oval:def:1816",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1816"
},
{
"name" : "1017433",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017433"
},
{
"name" : "23448",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23448"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kuban.ru/forum_new/forum2/files/19124.html",
"refsource": "MISC",
"url": "http://www.kuban.ru/forum_new/forum2/files/19124.html"
},
{
"name": "20061230 csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455546/100/0/threaded"
},
{
"name": "HPSBST02208",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
},
{
"name": "1017433",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017433"
},
{
"name": "http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff",
"refsource": "MISC",
"url": "http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff"
},
{
"name": "http://www.security.nnov.ru/Gnews944.html",
"refsource": "MISC",
"url": "http://www.security.nnov.ru/Gnews944.html"
},
{
"name": "http://research.eeye.com/html/alerts/zeroday/20061215.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/alerts/zeroday/20061215.html"
},
{
"name": "http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html",
"refsource": "MISC",
"url": "http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html"
},
{
"name": "20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memorycorruption 0day",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455088/100/0/threaded"
},
{
"name": "http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx"
},
{
"name": "20061222 Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455158/100/0/threaded"
},
{
"name": "21688",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21688"
},
{
"name": "MS07-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021"
},
{
"name": "oval:org.mitre.oval:def:1816",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1816"
},
{
"name": "ADV-2007-1325",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1325"
},
{
"name": "http://www.security.nnov.ru/files/messagebox.c",
"refsource": "MISC",
"url": "http://www.security.nnov.ru/files/messagebox.c"
},
{
"name": "20061221 Microsoft Windows XP/2003/Vista memory corruption 0day",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html"
},
{
"name": "23324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23324"
},
{
"name": "20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455104/100/0/threaded"
},
{
"name": "20061221 Microsoft Windows XP/2003/Vista memory corruption 0day",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455061/100/0/threaded"
},
{
"name": "23448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23448"
},
{
"name": "SSRT071365",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded"
},
{
"name": "http://isc.sans.org/diary.php?n&storyid=1965",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.php?n&storyid=1965"
},
{
"name": "ADV-2006-5120",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5120"
}
]
}
}

168
2006/7xxx/CVE-2006-7056.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060605 [MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435993/30/4650/threaded"
},
{
"name" : "http://www.majorsecurity.de/advisory/major_rls9.txt",
"refsource" : "MISC",
"url" : "http://www.majorsecurity.de/advisory/major_rls9.txt"
},
{
"name" : "18284",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18284"
},
{
"name" : "18901",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18901"
},
{
"name" : "2289",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2289"
},
{
"name" : "hostadmin-path-file-include(24723)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24723"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2289",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2289"
},
{
"name": "http://www.majorsecurity.de/advisory/major_rls9.txt",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/advisory/major_rls9.txt"
},
{
"name": "hostadmin-path-file-include(24723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24723"
},
{
"name": "20060605 [MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435993/30/4650/threaded"
},
{
"name": "18901",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18901"
},
{
"name": "18284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18284"
}
]
}
}

188
2011/0xxx/CVE-2011-0040.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka \"Active Directory SPN Validation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-005",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-005"
},
{
"name" : "46145",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46145"
},
{
"name" : "70825",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70825"
},
{
"name" : "oval:org.mitre.oval:def:12485",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12485"
},
{
"name" : "1025042",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025042"
},
{
"name" : "43215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43215"
},
{
"name" : "ADV-2011-0319",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0319"
},
{
"name" : "ms-win-active-directory-dos(64915)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64915"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka \"Active Directory SPN Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-005",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-005"
},
{
"name": "70825",
"refsource": "OSVDB",
"url": "http://osvdb.org/70825"
},
{
"name": "ADV-2011-0319",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0319"
},
{
"name": "1025042",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025042"
},
{
"name": "43215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43215"
},
{
"name": "ms-win-active-directory-dos(64915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64915"
},
{
"name": "46145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46145"
},
{
"name": "oval:org.mitre.oval:def:12485",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12485"
}
]
}
}

32
2011/0xxx/CVE-2011-0239.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0239",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0239",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

168
2011/0xxx/CVE-2011-0557.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0557",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code via a Director movie with a large count value in 3D assets type 0xFFFFFF45 record, which triggers a \"faulty allocation\" and memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110208 ZDI-11-079: Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516323/100/0/threaded"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
},
{
"name" : "46330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46330"
},
{
"name" : "1025056",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025056"
},
{
"name" : "ADV-2011-0335",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0335"
},
{
"name" : "shockwave-overflow-code-exec(65259)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65259"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code via a Director movie with a large count value in 3D assets type 0xFFFFFF45 record, which triggers a \"faulty allocation\" and memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "shockwave-overflow-code-exec(65259)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65259"
},
{
"name": "ADV-2011-0335",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0335"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
},
{
"name": "1025056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025056"
},
{
"name": "46330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46330"
},
{
"name": "20110208 ZDI-11-079: Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516323/100/0/threaded"
}
]
}
}

32
2011/0xxx/CVE-2011-0744.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0744",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0744",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2011/0xxx/CVE-2011-0759.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0759",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110317 Recaptcha Word Press Plugin Cross Site Scripting Vulnerability - CVE-2011-0759",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-03/0206.html"
},
{
"name" : "46909",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46909"
},
{
"name" : "43771",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43771"
},
{
"name" : "recaptcha-wordpress-csrf(66167)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66167"
},
{
"name" : "recaptcha-wordpress-multiple-xss(66169)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66169"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "recaptcha-wordpress-csrf(66167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66167"
},
{
"name": "46909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46909"
},
{
"name": "43771",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43771"
},
{
"name": "20110317 Recaptcha Word Press Plugin Cross Site Scripting Vulnerability - CVE-2011-0759",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-03/0206.html"
},
{
"name": "recaptcha-wordpress-multiple-xss(66169)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66169"
}
]
}
}

258
2011/1xxx/CVE-2011-1015.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110223 CVE request: Information disclosure in CGIHTTPServer from Python",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/23/27"
},
{
"name" : "[oss-security] 20110224 Re: CVE request: Information disclosure in CGIHTTPServer from Python",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/24/10"
},
{
"name" : "http://bugs.python.org/issue2254",
"refsource" : "CONFIRM",
"url" : "http://bugs.python.org/issue2254"
},
{
"name" : "http://hg.python.org/cpython/rev/c6c4398293bd/",
"refsource" : "CONFIRM",
"url" : "http://hg.python.org/cpython/rev/c6c4398293bd/"
},
{
"name" : "http://svn.python.org/view?view=revision&revision=71303",
"refsource" : "CONFIRM",
"url" : "http://svn.python.org/view?view=revision&revision=71303"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680094",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680094"
},
{
"name" : "MDVSA-2011:096",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
},
{
"name" : "USN-1596-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name" : "USN-1613-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"name" : "USN-1613-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"name" : "46541",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46541"
},
{
"name" : "1025489",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025489"
},
{
"name" : "50858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50858"
},
{
"name" : "51024",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51024"
},
{
"name" : "51040",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51040"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.python.org/view?view=revision&revision=71303",
"refsource": "CONFIRM",
"url": "http://svn.python.org/view?view=revision&revision=71303"
},
{
"name": "MDVSA-2011:096",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=680094",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680094"
},
{
"name": "http://bugs.python.org/issue2254",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue2254"
},
{
"name": "[oss-security] 20110224 Re: CVE request: Information disclosure in CGIHTTPServer from Python",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/24/10"
},
{
"name": "51040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51040"
},
{
"name": "50858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50858"
},
{
"name": "[oss-security] 20110223 CVE request: Information disclosure in CGIHTTPServer from Python",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/23/27"
},
{
"name": "1025489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025489"
},
{
"name": "USN-1596-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name": "http://hg.python.org/cpython/rev/c6c4398293bd/",
"refsource": "CONFIRM",
"url": "http://hg.python.org/cpython/rev/c6c4398293bd/"
},
{
"name": "USN-1613-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"name": "51024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"name": "46541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46541"
}
]
}
}

178
2011/1xxx/CVE-2011-1294.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=74562",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=74562"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html"
},
{
"name" : "47029",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47029"
},
{
"name" : "oval:org.mitre.oval:def:14376",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14376"
},
{
"name" : "43859",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43859"
},
{
"name" : "ADV-2011-0765",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0765"
},
{
"name" : "google-chrome-stale-code-exec(66301)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66301"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0765",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0765"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=74562",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=74562"
},
{
"name": "oval:org.mitre.oval:def:14376",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14376"
},
{
"name": "google-chrome-stale-code-exec(66301)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66301"
},
{
"name": "43859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43859"
},
{
"name": "47029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47029"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html"
}
]
}
}

168
2011/1xxx/CVE-2011-1711.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1711",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=7008690",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=7008690"
},
{
"name" : "48117",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48117"
},
{
"name" : "72759",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72759"
},
{
"name" : "1025608",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025608"
},
{
"name" : "44864",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44864"
},
{
"name" : "novell-mobility-pack-unauth-access(67840)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67840"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "novell-mobility-pack-unauth-access(67840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67840"
},
{
"name": "48117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48117"
},
{
"name": "1025608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025608"
},
{
"name": "72759",
"refsource": "OSVDB",
"url": "http://osvdb.org/72759"
},
{
"name": "44864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44864"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7008690",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7008690"
}
]
}
}

32
2011/3xxx/CVE-2011-3082.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3082",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3082",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2011/3xxx/CVE-2011-3839.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2011-3839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2011-89/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2011-89/"
},
{
"name" : "77913",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77913"
},
{
"name" : "46163",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46163"
},
{
"name" : "wuzly-cookie-security-bypass(71905)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71905"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77913",
"refsource": "OSVDB",
"url": "http://osvdb.org/77913"
},
{
"name": "wuzly-cookie-security-bypass(71905)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71905"
},
{
"name": "http://secunia.com/secunia_research/2011-89/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-89/"
},
{
"name": "46163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46163"
}
]
}
}

178
2011/4xxx/CVE-2011-4057.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4057",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL"
},
{
"name" : "VU#659515",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/659515"
},
{
"name" : "JVN#78901873",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN78901873/index.html"
},
{
"name" : "JVNDB-2012-000003",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000003.html"
},
{
"name" : "51382",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51382"
},
{
"name" : "78223",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78223"
},
{
"name" : "47497",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78223",
"refsource": "OSVDB",
"url": "http://osvdb.org/78223"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL"
},
{
"name": "51382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51382"
},
{
"name": "VU#659515",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/659515"
},
{
"name": "JVN#78901873",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN78901873/index.html"
},
{
"name": "JVNDB-2012-000003",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000003.html"
},
{
"name": "47497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47497"
}
]
}
}

118
2011/4xxx/CVE-2011-4486.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-4486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm"
}
]
}
}

188
2011/4xxx/CVE-2011-4602.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6",
"refsource" : "CONFIRM",
"url" : "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6"
},
{
"name" : "http://pidgin.im/news/security/?id=58",
"refsource" : "CONFIRM",
"url" : "http://pidgin.im/news/security/?id=58"
},
{
"name" : "RHSA-2011:1820",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1820.html"
},
{
"name" : "RHSA-2011:1821",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1821.html"
},
{
"name" : "openSUSE-SU-2012:0066",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/13195955"
},
{
"name" : "oval:org.mitre.oval:def:18420",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420"
},
{
"name" : "47219",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47219"
},
{
"name" : "47234",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47234"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2011:1820",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html"
},
{
"name": "openSUSE-SU-2012:0066",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13195955"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6"
},
{
"name": "oval:org.mitre.oval:def:18420",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420"
},
{
"name": "http://pidgin.im/news/security/?id=58",
"refsource": "CONFIRM",
"url": "http://pidgin.im/news/security/?id=58"
},
{
"name": "47219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47219"
},
{
"name": "RHSA-2011:1821",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html"
},
{
"name": "47234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47234"
}
]
}
}

178
2011/4xxx/CVE-2011-4604.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[b.a.t.m.a.n] 20111210 bat_socket_read missing checks",
"refsource" : "MLIST",
"url" : "https://lists.open-mesh.org/pipermail/b.a.t.m.a.n/2011-December/005904.html"
},
{
"name" : "[oss-security] 20111211 Fwd: Re: cve request: bat_socket_read memory corruption",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/12/12/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=767495",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=767495"
},
{
"name" : "https://github.com/torvalds/linux/commit/b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c"
},
{
"name" : "openSUSE-SU-2013:0925",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20111211 Fwd: Re: cve request: bat_socket_read memory corruption",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/12/12/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=767495",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=767495"
},
{
"name": "[b.a.t.m.a.n] 20111210 bat_socket_read missing checks",
"refsource": "MLIST",
"url": "https://lists.open-mesh.org/pipermail/b.a.t.m.a.n/2011-December/005904.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2"
},
{
"name": "openSUSE-SU-2013:0925",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
},
{
"name": "https://github.com/torvalds/linux/commit/b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c"
}
]
}
}

32
2011/4xxx/CVE-2011-4943.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4943",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4943",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2011/4xxx/CVE-2011-4972.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4972",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4972",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

168
2013/5xxx/CVE-2013-5869.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Page Service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64835",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64835"
},
{
"name" : "102092",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102092"
},
{
"name" : "1029613",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029613"
},
{
"name" : "56467",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56467"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Page Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64835"
},
{
"name": "1029613",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029613"
},
{
"name": "56467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56467"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "102092",
"refsource": "OSVDB",
"url": "http://osvdb.org/102092"
}
]
}
}

32
2014/2xxx/CVE-2014-2228.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2228",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2228",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2014/2xxx/CVE-2014-2733.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2733",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01"
},
{
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01"
}
]
}
}

258
2014/6xxx/CVE-2014-6394.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6394",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using \"public-restricted\" under a \"public\" directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140924 CVE request: various NodeJS module vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/24/1"
},
{
"name" : "[oss-security] 20140924 Re: CVE request: various NodeJS module vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/30/10"
},
{
"name" : "https://github.com/visionmedia/send/pull/59",
"refsource" : "MISC",
"url" : "https://github.com/visionmedia/send/pull/59"
},
{
"name" : "https://nodesecurity.io/advisories/send-directory-traversal",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/send-directory-traversal"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1146063",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1146063"
},
{
"name" : "https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a",
"refsource" : "CONFIRM",
"url" : "https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a"
},
{
"name" : "https://support.apple.com/HT205217",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205217"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687263",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687263"
},
{
"name" : "APPLE-SA-2015-09-16-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"name" : "FEDORA-2014-11289",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139415.html"
},
{
"name" : "FEDORA-2014-11421",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140020.html"
},
{
"name" : "FEDORA-2014-11495",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139938.html"
},
{
"name" : "70100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70100"
},
{
"name" : "62170",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62170"
},
{
"name" : "nodejs-cve20146394-dir-traversal(96727)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96727"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using \"public-restricted\" under a \"public\" directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62170",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62170"
},
{
"name": "[oss-security] 20140924 Re: CVE request: various NodeJS module vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/30/10"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1146063",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1146063"
},
{
"name": "https://nodesecurity.io/advisories/send-directory-traversal",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/send-directory-traversal"
},
{
"name": "https://github.com/visionmedia/send/pull/59",
"refsource": "MISC",
"url": "https://github.com/visionmedia/send/pull/59"
},
{
"name": "https://support.apple.com/HT205217",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205217"
},
{
"name": "https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a",
"refsource": "CONFIRM",
"url": "https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a"
},
{
"name": "APPLE-SA-2015-09-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"name": "FEDORA-2014-11495",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139938.html"
},
{
"name": "FEDORA-2014-11421",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140020.html"
},
{
"name": "70100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70100"
},
{
"name": "nodejs-cve20146394-dir-traversal(96727)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96727"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21687263",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687263"
},
{
"name": "FEDORA-2014-11289",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139415.html"
},
{
"name": "[oss-security] 20140924 CVE request: various NodeJS module vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/24/1"
}
]
}
}

138
2014/7xxx/CVE-2014-7099.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#752073",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/752073"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#752073",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/752073"
}
]
}
}

138
2014/7xxx/CVE-2014-7433.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Student ID (aka com.computas.studentbevis) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#702353",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/702353"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Student ID (aka com.computas.studentbevis) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#702353",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/702353"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/7xxx/CVE-2014-7490.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7490",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#876681",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/876681"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#876681",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/876681"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

32
2014/7xxx/CVE-2014-7635.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7635",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7635",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

138
2017/0xxx/CVE-2017-0297.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Windows",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Windows",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0297",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0297"
},
{
"name" : "98840",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98840"
},
{
"name" : "1038671",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038671"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98840"
},
{
"name": "1038671",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038671"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0297",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0297"
}
]
}
}

140
2017/0xxx/CVE-2017-0359.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"DATE_PUBLIC" : "2017-02-09T21:14:00.000Z",
"ID" : "CVE-2017-0359",
"STATE" : "PUBLIC",
"TITLE" : "diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "diffoscope",
"version" : {
"version_data" : [
{
"version_value" : "before 77"
}
]
}
}
]
},
"vendor_name" : "Debian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "writes to arbitrary locations"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2017-02-09T21:14:00.000Z",
"ID": "CVE-2017-0359",
"STATE": "PUBLIC",
"TITLE": "diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "diffoscope",
"version": {
"version_data": [
{
"version_value": "before 77"
}
]
}
}
]
},
"vendor_name": "Debian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/854723",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/854723"
},
{
"name" : "https://security-tracker.debian.org/tracker/CVE-2017-0359",
"refsource" : "CONFIRM",
"url" : "https://security-tracker.debian.org/tracker/CVE-2017-0359"
}
]
},
"source" : {
"advisory" : "https://bugs.debian.org/854723",
"discovery" : "UNKNOWN"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "writes to arbitrary locations"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/854723",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/854723"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-0359",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0359"
}
]
},
"source": {
"advisory": "https://bugs.debian.org/854723",
"discovery": "UNKNOWN"
}
}

148
2017/0xxx/CVE-2017-0360.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"ID" : "CVE-2017-0360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "tryton-server before 3.4.0-3+deb8u3",
"version" : {
"version_data" : [
{
"version_value" : "tryton-server before 3.4.0-3+deb8u3"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-0360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tryton-server before 3.4.0-3+deb8u3",
"version": {
"version_data": [
{
"version_value": "tryton-server before 3.4.0-3+deb8u3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8",
"refsource" : "CONFIRM",
"url" : "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8"
},
{
"name" : "https://lists.debian.org/debian-security-announce/2017/msg00084.html",
"refsource" : "CONFIRM",
"url" : "https://lists.debian.org/debian-security-announce/2017/msg00084.html"
},
{
"name" : "DSA-3826",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3826"
},
{
"name" : "97489",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97489"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3826",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3826"
},
{
"name": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8",
"refsource": "CONFIRM",
"url": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8"
},
{
"name": "https://lists.debian.org/debian-security-announce/2017/msg00084.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00084.html"
},
{
"name": "97489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97489"
}
]
}
}

138
2017/0xxx/CVE-2017-0577.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "97348",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97348"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "97348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97348"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

174
2017/0xxx/CVE-2017-0596.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0596",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "4.4.4"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "5.1.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "4.4.4"
},
{
"version_value": "5.0.2"
},
{
"version_value": "5.1.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1"
},
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98130"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "98130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98130"
}
]
}
}

134
2017/0xxx/CVE-2017-0626.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98202",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98202"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98202"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
}
]
}
}

150
2017/0xxx/CVE-2017-0642.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-07-05T00:00:00",
"ID" : "CVE-2017-0642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-5.0.2 Android-5.1.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-07-05T00:00:00",
"ID": "CVE-2017-0642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-5.0.2 Android-5.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d"
},
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "98868",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98868"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "98868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98868"
},
{
"name": "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

132
2017/1000xxx/CVE-2017-1000432.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-12-29",
"ID" : "CVE-2017-1000432",
"REQUESTER" : "anandkmr27@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "vanilla forums",
"version" : {
"version_data" : [
{
"version_value" : "2"
}
]
}
}
]
},
"vendor_name" : "vanilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Request Forgery (CSRF)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000432",
"REQUESTER": "anandkmr27@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43462",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43462/"
},
{
"name" : "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14",
"refsource" : "CONFIRM",
"url" : "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43462",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43462/"
},
{
"name": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14",
"refsource": "CONFIRM",
"url": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14"
}
]
}
}

132
2017/1000xxx/CVE-2017-1000442.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-12-29",
"ID" : "CVE-2017-1000442",
"REQUESTER" : "security@passbolt.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "passbolt",
"version" : {
"version_data" : [
{
"version_value" : "1.6.4 and older"
}
]
}
}
]
},
"vendor_name" : "passbolt"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000442",
"REQUESTER": "security@passbolt.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls",
"refsource" : "CONFIRM",
"url" : "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls"
},
{
"name" : "https://www.passbolt.com/release/notes#September",
"refsource" : "CONFIRM",
"url" : "https://www.passbolt.com/release/notes#September"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls",
"refsource": "CONFIRM",
"url": "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls"
},
{
"name": "https://www.passbolt.com/release/notes#September",
"refsource": "CONFIRM",
"url": "https://www.passbolt.com/release/notes#September"
}
]
}
}

148
2017/18xxx/CVE-2017-18048.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43348",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43348/"
},
{
"name" : "https://blogs.securiteam.com/index.php/archives/3559",
"refsource" : "MISC",
"url" : "https://blogs.securiteam.com/index.php/archives/3559"
},
{
"name" : "https://github.com/monstra-cms/monstra/issues/426",
"refsource" : "MISC",
"url" : "https://github.com/monstra-cms/monstra/issues/426"
},
{
"name" : "https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html",
"refsource" : "MISC",
"url" : "https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/monstra-cms/monstra/issues/426",
"refsource": "MISC",
"url": "https://github.com/monstra-cms/monstra/issues/426"
},
{
"name": "43348",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43348/"
},
{
"name": "https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html",
"refsource": "MISC",
"url": "https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html"
},
{
"name": "https://blogs.securiteam.com/index.php/archives/3559",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3559"
}
]
}
}

32
2017/1xxx/CVE-2017-1676.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1676",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1676",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/1xxx/CVE-2017-1934.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1934",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1934",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

32
2017/5xxx/CVE-2017-5317.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5317",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5317",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

168
2017/5xxx/CVE-2017-5482.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource" : "CONFIRM",
"url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name" : "DSA-3775",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3775"
},
{
"name" : "GLSA-201702-30",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-30"
},
{
"name" : "RHSA-2017:1871",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name" : "95852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95852"
},
{
"name" : "1037755",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037755"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037755"
},
{
"name": "DSA-3775",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3775"
},
{
"name": "RHSA-2017:1871",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource": "CONFIRM",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name": "95852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95852"
},
{
"name": "GLSA-201702-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-30"
}
]
}
}