admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:06:05 +00:00
parent 06741a5133
commit 2783a05773
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 4784 additions and 4784 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2006/0xxx/CVE-2006-0448.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2006-1/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-1/advisory/"
},
{
"name" : "16379",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16379"
},
{
"name" : "ADV-2006-0318",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0318"
},
{
"name" : "22764",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22764"
},
{
"name" : "22765",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22765"
},
{
"name" : "18480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18480"
},
{
"name" : "epost-append-copy-rename-file-creation(24336)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24336"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "epost-append-copy-rename-file-creation(24336)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24336"
},
{
"name": "ADV-2006-0318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0318"
},
{
"name": "http://secunia.com/secunia_research/2006-1/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-1/advisory/"
},
{
"name": "22764",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22764"
},
{
"name": "18480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18480"
},
{
"name": "22765",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22765"
},
{
"name": "16379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16379"
}
]
}
}

178
2006/0xxx/CVE-2006-0691.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0691",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060219 [eVuln] Time Tracking Software Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425505/100/0/threaded"
},
{
"name" : "http://www.evuln.com/vulns/69/summary.html",
"refsource" : "MISC",
"url" : "http://www.evuln.com/vulns/69/summary.html"
},
{
"name" : "16630",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16630"
},
{
"name" : "16731",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16731"
},
{
"name" : "ADV-2006-0524",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0524"
},
{
"name" : "18854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18854"
},
{
"name" : "timetracking-edituser-auth-bypass(24570)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24570"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0524",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0524"
},
{
"name": "16731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16731"
},
{
"name": "http://www.evuln.com/vulns/69/summary.html",
"refsource": "MISC",
"url": "http://www.evuln.com/vulns/69/summary.html"
},
{
"name": "16630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16630"
},
{
"name": "20060219 [eVuln] Time Tracking Software Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425505/100/0/threaded"
},
{
"name": "18854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18854"
},
{
"name": "timetracking-edituser-auth-bypass(24570)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24570"
}
]
}
}

768
2006/3xxx/CVE-2006-3809.json
View File

@ -1,387 +1,387 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-3809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060727 rPSA-2006-0137-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-53.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-53.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-536",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-536"
},
{
"name" : "https://issues.rpath.com/browse/RPL-537",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-537"
},
{
"name" : "DSA-1159",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1159"
},
{
"name" : "DSA-1160",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1160"
},
{
"name" : "DSA-1161",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1161"
},
{
"name" : "GLSA-200608-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml"
},
{
"name" : "GLSA-200608-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-04.xml"
},
{
"name" : "GLSA-200608-03",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "HPSBUX02156",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "SSRT061236",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "MDKSA-2006:143",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name" : "MDKSA-2006:145",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
},
{
"name" : "MDKSA-2006:146",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
},
{
"name" : "RHSA-2006:0608",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html"
},
{
"name" : "RHSA-2006:0610",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
},
{
"name" : "RHSA-2006:0611",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
},
{
"name" : "RHSA-2006:0609",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
},
{
"name" : "RHSA-2006:0594",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
},
{
"name" : "20060703-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"name" : "SUSE-SA:2006:048",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html"
},
{
"name" : "USN-327-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/327-1/"
},
{
"name" : "USN-329-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/329-1/"
},
{
"name" : "USN-350-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name" : "USN-354-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name" : "USN-361-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-361-1"
},
{
"name" : "19181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19181"
},
{
"name" : "oval:org.mitre.oval:def:9753",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9753"
},
{
"name" : "ADV-2006-2998",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2998"
},
{
"name" : "ADV-2006-3748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name" : "ADV-2006-3749",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name" : "ADV-2008-0083",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name" : "1016586",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016586"
},
{
"name" : "1016587",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016587"
},
{
"name" : "1016588",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016588"
},
{
"name" : "19873",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19873"
},
{
"name" : "21216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21216"
},
{
"name" : "21228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21228"
},
{
"name" : "21229",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21229"
},
{
"name" : "21246",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21246"
},
{
"name" : "21243",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21243"
},
{
"name" : "21269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21269"
},
{
"name" : "21270",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21270"
},
{
"name" : "21275",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21275"
},
{
"name" : "21336",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21336"
},
{
"name" : "21358",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21358"
},
{
"name" : "21361",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21361"
},
{
"name" : "21250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21250"
},
{
"name" : "21262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21262"
},
{
"name" : "21343",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21343"
},
{
"name" : "21529",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21529"
},
{
"name" : "21532",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21532"
},
{
"name" : "21607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21607"
},
{
"name" : "21631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21631"
},
{
"name" : "21654",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21654"
},
{
"name" : "21634",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21634"
},
{
"name" : "21675",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21675"
},
{
"name" : "22055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22055"
},
{
"name" : "22210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22210"
},
{
"name" : "22342",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22342"
},
{
"name" : "22065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22065"
},
{
"name" : "22066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22066"
},
{
"name" : "mozilla-universalbrowserread-escalation(27990)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27990"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1161",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1161"
},
{
"name": "21243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21243"
},
{
"name": "RHSA-2006:0608",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html"
},
{
"name": "DSA-1160",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1160"
},
{
"name": "GLSA-200608-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-02.xml"
},
{
"name": "MDKSA-2006:145",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
},
{
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "19181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19181"
},
{
"name": "22055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22055"
},
{
"name": "ADV-2006-2998",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2998"
},
{
"name": "USN-361-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-361-1"
},
{
"name": "20060727 rPSA-2006-0137-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded"
},
{
"name": "21529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21529"
},
{
"name": "21216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21216"
},
{
"name": "GLSA-200608-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml"
},
{
"name": "RHSA-2006:0594",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
},
{
"name": "21336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21336"
},
{
"name": "ADV-2006-3749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name": "RHSA-2006:0610",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
},
{
"name": "oval:org.mitre.oval:def:9753",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9753"
},
{
"name": "21654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21654"
},
{
"name": "1016588",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016588"
},
{
"name": "USN-329-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/329-1/"
},
{
"name": "MDKSA-2006:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
},
{
"name": "RHSA-2006:0609",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
},
{
"name": "22210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22210"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-53.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-53.html"
},
{
"name": "21634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21634"
},
{
"name": "21607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21607"
},
{
"name": "1016586",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016586"
},
{
"name": "19873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19873"
},
{
"name": "21262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21262"
},
{
"name": "21532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21532"
},
{
"name": "21270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21270"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "USN-327-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/327-1/"
},
{
"name": "21361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21361"
},
{
"name": "21631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21631"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "SSRT061236",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "21275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21275"
},
{
"name": "21246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21246"
},
{
"name": "SUSE-SA:2006:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html"
},
{
"name": "21229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21229"
},
{
"name": "21675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21675"
},
{
"name": "1016587",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016587"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "RHSA-2006:0611",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
},
{
"name": "21228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21228"
},
{
"name": "21250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21250"
},
{
"name": "USN-350-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "22342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22342"
},
{
"name": "21358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21358"
},
{
"name": "https://issues.rpath.com/browse/RPL-536",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-536"
},
{
"name": "https://issues.rpath.com/browse/RPL-537",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-537"
},
{
"name": "22066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22066"
},
{
"name": "21269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21269"
},
{
"name": "mozilla-universalbrowserread-escalation(27990)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27990"
},
{
"name": "GLSA-200608-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-04.xml"
},
{
"name": "21343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21343"
},
{
"name": "MDKSA-2006:143",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name": "22065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22065"
},
{
"name": "USN-354-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name": "20060703-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"name": "DSA-1159",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1159"
}
]
}
}

738
2006/3xxx/CVE-2006-3810.json
View File

@ -1,372 +1,372 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-3810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060727 rPSA-2006-0137-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-54.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-54.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-536",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-536"
},
{
"name" : "https://issues.rpath.com/browse/RPL-537",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-537"
},
{
"name" : "DSA-1159",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1159"
},
{
"name" : "DSA-1160",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1160"
},
{
"name" : "GLSA-200608-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml"
},
{
"name" : "GLSA-200608-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-04.xml"
},
{
"name" : "GLSA-200608-03",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "HPSBUX02156",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "SSRT061236",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "MDKSA-2006:143",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name" : "MDKSA-2006:145",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
},
{
"name" : "MDKSA-2006:146",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
},
{
"name" : "RHSA-2006:0608",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html"
},
{
"name" : "RHSA-2006:0610",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
},
{
"name" : "RHSA-2006:0611",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
},
{
"name" : "RHSA-2006:0609",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
},
{
"name" : "RHSA-2006:0594",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
},
{
"name" : "20060703-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"name" : "SUSE-SA:2006:048",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html"
},
{
"name" : "USN-327-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/327-1/"
},
{
"name" : "USN-329-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/329-1/"
},
{
"name" : "USN-350-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name" : "USN-354-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name" : "VU#911004",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/911004"
},
{
"name" : "19181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19181"
},
{
"name" : "oval:org.mitre.oval:def:10113",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10113"
},
{
"name" : "ADV-2006-2998",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2998"
},
{
"name" : "ADV-2006-3748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name" : "ADV-2006-3749",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name" : "ADV-2008-0083",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name" : "1016586",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016586"
},
{
"name" : "1016587",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016587"
},
{
"name" : "1016588",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016588"
},
{
"name" : "19873",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19873"
},
{
"name" : "21216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21216"
},
{
"name" : "21228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21228"
},
{
"name" : "21229",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21229"
},
{
"name" : "21246",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21246"
},
{
"name" : "21243",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21243"
},
{
"name" : "21269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21269"
},
{
"name" : "21270",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21270"
},
{
"name" : "21275",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21275"
},
{
"name" : "21336",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21336"
},
{
"name" : "21358",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21358"
},
{
"name" : "21361",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21361"
},
{
"name" : "21250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21250"
},
{
"name" : "21262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21262"
},
{
"name" : "21343",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21343"
},
{
"name" : "21529",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21529"
},
{
"name" : "21532",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21532"
},
{
"name" : "21607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21607"
},
{
"name" : "21631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21631"
},
{
"name" : "21654",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21654"
},
{
"name" : "21634",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21634"
},
{
"name" : "22055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22055"
},
{
"name" : "22210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22210"
},
{
"name" : "22065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22065"
},
{
"name" : "22066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22066"
},
{
"name" : "mozilla-xpcnativewrapper-xss(27991)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27991"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21243"
},
{
"name": "RHSA-2006:0608",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html"
},
{
"name": "DSA-1160",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1160"
},
{
"name": "GLSA-200608-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-02.xml"
},
{
"name": "oval:org.mitre.oval:def:10113",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10113"
},
{
"name": "MDKSA-2006:145",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
},
{
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "VU#911004",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/911004"
},
{
"name": "19181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19181"
},
{
"name": "22055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22055"
},
{
"name": "ADV-2006-2998",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2998"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-54.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-54.html"
},
{
"name": "20060727 rPSA-2006-0137-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded"
},
{
"name": "21529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21529"
},
{
"name": "21216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21216"
},
{
"name": "GLSA-200608-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml"
},
{
"name": "RHSA-2006:0594",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
},
{
"name": "21336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21336"
},
{
"name": "ADV-2006-3749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name": "RHSA-2006:0610",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
},
{
"name": "21654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21654"
},
{
"name": "1016588",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016588"
},
{
"name": "USN-329-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/329-1/"
},
{
"name": "MDKSA-2006:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
},
{
"name": "RHSA-2006:0609",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
},
{
"name": "22210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22210"
},
{
"name": "21634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21634"
},
{
"name": "21607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21607"
},
{
"name": "1016586",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016586"
},
{
"name": "19873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19873"
},
{
"name": "21262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21262"
},
{
"name": "21532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21532"
},
{
"name": "21270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21270"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "USN-327-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/327-1/"
},
{
"name": "21361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21361"
},
{
"name": "21631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21631"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "SSRT061236",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "21275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21275"
},
{
"name": "21246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21246"
},
{
"name": "SUSE-SA:2006:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html"
},
{
"name": "21229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21229"
},
{
"name": "1016587",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016587"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "RHSA-2006:0611",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
},
{
"name": "21228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21228"
},
{
"name": "21250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21250"
},
{
"name": "USN-350-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "21358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21358"
},
{
"name": "https://issues.rpath.com/browse/RPL-536",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-536"
},
{
"name": "https://issues.rpath.com/browse/RPL-537",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-537"
},
{
"name": "22066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22066"
},
{
"name": "21269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21269"
},
{
"name": "GLSA-200608-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-04.xml"
},
{
"name": "21343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21343"
},
{
"name": "MDKSA-2006:143",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name": "22065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22065"
},
{
"name": "USN-354-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name": "20060703-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"name": "mozilla-xpcnativewrapper-xss(27991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27991"
},
{
"name": "DSA-1159",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1159"
}
]
}
}

178
2006/3xxx/CVE-2006-3890.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3890",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-3890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061114 Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451566/100/0/threaded"
},
{
"name" : "2785",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2785"
},
{
"name" : "MS06-067",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
},
{
"name" : "VU#225217",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/225217"
},
{
"name" : "21060",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21060"
},
{
"name" : "21108",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21108"
},
{
"name" : "22891",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22891"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#225217",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/225217"
},
{
"name": "22891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22891"
},
{
"name": "21060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21060"
},
{
"name": "20061114 Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451566/100/0/threaded"
},
{
"name": "2785",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2785"
},
{
"name": "21108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21108"
},
{
"name": "MS06-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"
}
]
}
}

148
2006/3xxx/CVE-2006-3967.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060730 com_moskool (admin.moskool.php) Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441710/100/0/threaded"
},
{
"name" : "19245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19245"
},
{
"name" : "1314",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1314"
},
{
"name" : "moskool-adminmoskool-file-include(28097)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28097"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060730 com_moskool (admin.moskool.php) Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441710/100/0/threaded"
},
{
"name": "19245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19245"
},
{
"name": "moskool-adminmoskool-file-include(28097)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28097"
},
{
"name": "1314",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1314"
}
]
}
}

158
2006/4xxx/CVE-2006-4576.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4576",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2006-4576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2006-76/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-76/advisory/"
},
{
"name" : "21870",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21870"
},
{
"name" : "32567",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32567"
},
{
"name" : "21694",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21694"
},
{
"name" : "theaddressbook-gif-jpg-xss(31239)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31239"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32567",
"refsource": "OSVDB",
"url": "http://osvdb.org/32567"
},
{
"name": "http://secunia.com/secunia_research/2006-76/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-76/advisory/"
},
{
"name": "theaddressbook-gif-jpg-xss(31239)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31239"
},
{
"name": "21870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21870"
},
{
"name": "21694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21694"
}
]
}
}

198
2006/4xxx/CVE-2006-4710.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4710",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.snellspace.com/wp/?p=426",
"refsource" : "MISC",
"url" : "http://www.snellspace.com/wp/?p=426"
},
{
"name" : "http://www.snellspace.com/wp/?p=448",
"refsource" : "MISC",
"url" : "http://www.snellspace.com/wp/?p=448"
},
{
"name" : "http://www.cgisecurity.com/papers/RSS-Security.ppt",
"refsource" : "MISC",
"url" : "http://www.cgisecurity.com/papers/RSS-Security.ppt"
},
{
"name" : "http://nick.typepad.com/blog/2006/08/ann_feeddemon_2.html",
"refsource" : "CONFIRM",
"url" : "http://nick.typepad.com/blog/2006/08/ann_feeddemon_2.html"
},
{
"name" : "http://nick.typepad.com/blog/2006/08/feed_security_a_1.html",
"refsource" : "CONFIRM",
"url" : "http://nick.typepad.com/blog/2006/08/feed_security_a_1.html"
},
{
"name" : "20114",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20114"
},
{
"name" : "ADV-2006-3686",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3686"
},
{
"name" : "21995",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21995"
},
{
"name" : "feeddemon-atom-feed-xss(29047)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29047"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nick.typepad.com/blog/2006/08/feed_security_a_1.html",
"refsource": "CONFIRM",
"url": "http://nick.typepad.com/blog/2006/08/feed_security_a_1.html"
},
{
"name": "ADV-2006-3686",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3686"
},
{
"name": "http://nick.typepad.com/blog/2006/08/ann_feeddemon_2.html",
"refsource": "CONFIRM",
"url": "http://nick.typepad.com/blog/2006/08/ann_feeddemon_2.html"
},
{
"name": "http://www.cgisecurity.com/papers/RSS-Security.ppt",
"refsource": "MISC",
"url": "http://www.cgisecurity.com/papers/RSS-Security.ppt"
},
{
"name": "feeddemon-atom-feed-xss(29047)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29047"
},
{
"name": "http://www.snellspace.com/wp/?p=426",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=426"
},
{
"name": "21995",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21995"
},
{
"name": "http://www.snellspace.com/wp/?p=448",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "20114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20114"
}
]
}
}

158
2006/4xxx/CVE-2006-4885.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "84177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84177"
},
{
"name" : "ADV-2006-3629",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3629"
},
{
"name" : "28836",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28836"
},
{
"name" : "28837",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28837"
},
{
"name" : "21920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21920"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28836",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28836"
},
{
"name": "84177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84177"
},
{
"name": "28837",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28837"
},
{
"name": "ADV-2006-3629",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3629"
},
{
"name": "21920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21920"
}
]
}
}

218
2006/4xxx/CVE-2006-4899.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a \"'\" (single quote) in the PIProfile function, which leaks the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060921 [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446611/100/0/threaded"
},
{
"name" : "20060922 RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446716/100/0/threaded"
},
{
"name" : "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt",
"refsource" : "MISC",
"url" : "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt"
},
{
"name" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9",
"refsource" : "CONFIRM",
"url" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9"
},
{
"name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616",
"refsource" : "CONFIRM",
"url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616"
},
{
"name" : "20139",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20139"
},
{
"name" : "ADV-2006-3738",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3738"
},
{
"name" : "29009",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29009"
},
{
"name" : "1016910",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016910"
},
{
"name" : "22023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22023"
},
{
"name" : "ca-etrust-eppiservlet-path-disclosure(29102)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29102"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a \"'\" (single quote) in the PIProfile function, which leaks the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt",
"refsource": "MISC",
"url": "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt"
},
{
"name": "ca-etrust-eppiservlet-path-disclosure(29102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29102"
},
{
"name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9",
"refsource": "CONFIRM",
"url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9"
},
{
"name": "29009",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29009"
},
{
"name": "1016910",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016910"
},
{
"name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616",
"refsource": "CONFIRM",
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616"
},
{
"name": "22023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22023"
},
{
"name": "20139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20139"
},
{
"name": "20060922 RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446716/100/0/threaded"
},
{
"name": "20060921 [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446611/100/0/threaded"
},
{
"name": "ADV-2006-3738",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3738"
}
]
}
}

168
2006/4xxx/CVE-2006-4918.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4918",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2396",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2396"
},
{
"name" : "20103",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20103"
},
{
"name" : "ADV-2006-3735",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3735"
},
{
"name" : "29041",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29041"
},
{
"name" : "21990",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21990"
},
{
"name" : "sdb-envdir-file-include(29025)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29025"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20103"
},
{
"name": "ADV-2006-3735",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3735"
},
{
"name": "21990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21990"
},
{
"name": "sdb-envdir-file-include(29025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29025"
},
{
"name": "2396",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2396"
},
{
"name": "29041",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29041"
}
]
}
}

138
2006/6xxx/CVE-2006-6017.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=153303",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=153303"
},
{
"name" : "http://trac.wordpress.org/ticket/2591",
"refsource" : "CONFIRM",
"url" : "http://trac.wordpress.org/ticket/2591"
},
{
"name" : "GLSA-200611-10",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200611-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml"
},
{
"name": "http://trac.wordpress.org/ticket/2591",
"refsource": "CONFIRM",
"url": "http://trac.wordpress.org/ticket/2591"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=153303",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=153303"
}
]
}
}

188
2006/6xxx/CVE-2006-6141.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061117 TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451951/100/200/threaded"
},
{
"name" : "VU#632633",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/632633"
},
{
"name" : "21148",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21148"
},
{
"name" : "ADV-2006-4606",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4606"
},
{
"name" : "30502",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30502"
},
{
"name" : "22968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22968"
},
{
"name" : "1923",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1923"
},
{
"name" : "tftpd32-gauge-dos(30439)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30439"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1923",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1923"
},
{
"name": "21148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21148"
},
{
"name": "22968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22968"
},
{
"name": "VU#632633",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/632633"
},
{
"name": "30502",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30502"
},
{
"name": "20061117 TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451951/100/200/threaded"
},
{
"name": "tftpd32-gauge-dos(30439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30439"
},
{
"name": "ADV-2006-4606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4606"
}
]
}
}

228
2006/6xxx/CVE-2006-6574.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6574",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.mantisbugtracker.com/view.php?id=3375",
"refsource" : "MISC",
"url" : "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"name" : "http://bugs.mantisbugtracker.com/view.php?id=7364",
"refsource" : "MISC",
"url" : "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35",
"refsource" : "MISC",
"url" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35"
},
{
"name" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log",
"refsource" : "MISC",
"url" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=469627",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name" : "http://www.mantisbugtracker.com/changelog.php",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbugtracker.com/changelog.php"
},
{
"name" : "DSA-1467",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1467"
},
{
"name" : "21566",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21566"
},
{
"name" : "ADV-2006-4978",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4978"
},
{
"name" : "23258",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23258"
},
{
"name" : "28551",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28551"
},
{
"name" : "mantis-customfield-info-disclosure(30870)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=469627",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23258"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=7364",
"refsource": "MISC",
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28551"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35"
},
{
"name": "ADV-2006-4978",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=3375",
"refsource": "MISC",
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"name": "http://www.mantisbugtracker.com/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1467"
}
]
}
}

148
2006/7xxx/CVE-2006-7236.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030"
},
{
"name" : "USN-703-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/703-1/"
},
{
"name" : "33388",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33388"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33388"
},
{
"name": "USN-703-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/703-1/"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593"
}
]
}
}

148
2010/2xxx/CVE-2010-2793.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2793",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=620355",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=620355"
},
{
"name" : "RHSA-2010:0818",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0818.html"
},
{
"name" : "45213",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45213"
},
{
"name" : "1024825",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024825"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024825",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024825"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=620355",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=620355"
},
{
"name": "45213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45213"
},
{
"name": "RHSA-2010:0818",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0818.html"
}
]
}
}

188
2010/2xxx/CVE-2010-2909.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100727 Re: TTVideo 1.0 Joomla Component SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512709/100/0/threaded"
},
{
"name" : "20100727 TTVideo 1.0 Joomla Component SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512685/100/0/threaded"
},
{
"name" : "14481",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14481"
},
{
"name" : "http://adv.salvatorefresta.net/TTVideo_1.0_Joomla_Component_SQL_Injection_Vulnerability-27072010.txt",
"refsource" : "MISC",
"url" : "http://adv.salvatorefresta.net/TTVideo_1.0_Joomla_Component_SQL_Injection_Vulnerability-27072010.txt"
},
{
"name" : "http://www.toughtomato.com/downloads/16-comttvideo-1-0-1/file",
"refsource" : "CONFIRM",
"url" : "http://www.toughtomato.com/downloads/16-comttvideo-1-0-1/file"
},
{
"name" : "66630",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66630"
},
{
"name" : "40716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40716"
},
{
"name" : "ttvideocom-index-sql-injection(60662)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60662"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.toughtomato.com/downloads/16-comttvideo-1-0-1/file",
"refsource": "CONFIRM",
"url": "http://www.toughtomato.com/downloads/16-comttvideo-1-0-1/file"
},
{
"name": "http://adv.salvatorefresta.net/TTVideo_1.0_Joomla_Component_SQL_Injection_Vulnerability-27072010.txt",
"refsource": "MISC",
"url": "http://adv.salvatorefresta.net/TTVideo_1.0_Joomla_Component_SQL_Injection_Vulnerability-27072010.txt"
},
{
"name": "14481",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14481"
},
{
"name": "20100727 TTVideo 1.0 Joomla Component SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512685/100/0/threaded"
},
{
"name": "20100727 Re: TTVideo 1.0 Joomla Component SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512709/100/0/threaded"
},
{
"name": "40716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40716"
},
{
"name": "ttvideocom-index-sql-injection(60662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60662"
},
{
"name": "66630",
"refsource": "OSVDB",
"url": "http://osvdb.org/66630"
}
]
}
}

168
2011/0xxx/CVE-2011-0509.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dev.vaadin.com/ticket/6257",
"refsource" : "MISC",
"url" : "http://dev.vaadin.com/ticket/6257"
},
{
"name" : "http://vaadin.com/download/release/6.4/6.4.9/release-notes.html",
"refsource" : "CONFIRM",
"url" : "http://vaadin.com/download/release/6.4/6.4.9/release-notes.html"
},
{
"name" : "45779",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45779"
},
{
"name" : "70398",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70398"
},
{
"name" : "42879",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42879"
},
{
"name" : "vaadin-unspec-xss(64626)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64626"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45779"
},
{
"name": "http://vaadin.com/download/release/6.4/6.4.9/release-notes.html",
"refsource": "CONFIRM",
"url": "http://vaadin.com/download/release/6.4/6.4.9/release-notes.html"
},
{
"name": "http://dev.vaadin.com/ticket/6257",
"refsource": "MISC",
"url": "http://dev.vaadin.com/ticket/6257"
},
{
"name": "70398",
"refsource": "OSVDB",
"url": "http://osvdb.org/70398"
},
{
"name": "42879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42879"
},
{
"name": "vaadin-unspec-xss(64626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64626"
}
]
}
}

148
2011/0xxx/CVE-2011-0642.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16013",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16013"
},
{
"name" : "70593",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70593"
},
{
"name" : "42959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42959"
},
{
"name" : "n13news-admin-csrf(64824)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64824"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70593",
"refsource": "OSVDB",
"url": "http://osvdb.org/70593"
},
{
"name": "16013",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16013"
},
{
"name": "42959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42959"
},
{
"name": "n13news-admin-csrf(64824)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64824"
}
]
}
}

188
2011/0xxx/CVE-2011-0663.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka \"Scripting Memory Reallocation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-031",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-031"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "47249",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47249"
},
{
"name" : "71774",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71774"
},
{
"name" : "oval:org.mitre.oval:def:12673",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12673"
},
{
"name" : "1025333",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025333"
},
{
"name" : "44162",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44162"
},
{
"name" : "ADV-2011-0949",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0949"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka \"Scripting Memory Reallocation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0949",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0949"
},
{
"name": "71774",
"refsource": "OSVDB",
"url": "http://osvdb.org/71774"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "1025333",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025333"
},
{
"name": "MS11-031",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-031"
},
{
"name": "47249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47249"
},
{
"name": "oval:org.mitre.oval:def:12673",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12673"
},
{
"name": "44162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44162"
}
]
}
}

148
2011/1xxx/CVE-2011-1710.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1710",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://download.novell.com/patch/finder/?keywords=b8833ce91ca8c8d2a478a8a32a2e2efb",
"refsource" : "CONFIRM",
"url" : "http://download.novell.com/patch/finder/?keywords=b8833ce91ca8c8d2a478a8a32a2e2efb"
},
{
"name" : "http://support.novell.com/security/cve/CVE-2011-1710.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/security/cve/CVE-2011-1710.html"
},
{
"name" : "https://bugzilla.novell.com/585440",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/585440"
},
{
"name" : "SUSE-SU-2011:1185",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00012.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:1185",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00012.html"
},
{
"name": "http://support.novell.com/security/cve/CVE-2011-1710.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/security/cve/CVE-2011-1710.html"
},
{
"name": "http://download.novell.com/patch/finder/?keywords=b8833ce91ca8c8d2a478a8a32a2e2efb",
"refsource": "CONFIRM",
"url": "http://download.novell.com/patch/finder/?keywords=b8833ce91ca8c8d2a478a8a32a2e2efb"
},
{
"name": "https://bugzilla.novell.com/585440",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/585440"
}
]
}
}

168
2011/1xxx/CVE-2011-1976.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka \"Report Viewer Controls XSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270"
},
{
"name" : "HPSBGN03534",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=145326307707460&w=2"
},
{
"name" : "MS11-067",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067"
},
{
"name" : "TA11-221A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
},
{
"name" : "49033",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49033"
},
{
"name" : "oval:org.mitre.oval:def:12773",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka \"Report Viewer Controls XSS Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067"
},
{
"name": "HPSBGN03534",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145326307707460&w=2"
},
{
"name": "oval:org.mitre.oval:def:12773",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773"
},
{
"name": "49033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49033"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270"
},
{
"name": "TA11-221A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
}
]
}
}

128
2011/1xxx/CVE-2011-1978.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Socket Restriction Bypass Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-069",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-069"
},
{
"name" : "oval:org.mitre.oval:def:12901",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12901"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Socket Restriction Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12901",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12901"
},
{
"name": "MS11-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-069"
}
]
}
}

158
2011/4xxx/CVE-2011-4030.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://plone.org/products/plone-hotfix/releases/20110928",
"refsource" : "CONFIRM",
"url" : "http://plone.org/products/plone-hotfix/releases/20110928"
},
{
"name" : "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip",
"refsource" : "CONFIRM",
"url" : "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"
},
{
"name" : "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0",
"refsource" : "CONFIRM",
"url" : "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"
},
{
"name" : "50287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50287"
},
{
"name" : "46323",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46323"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0",
"refsource": "CONFIRM",
"url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"
},
{
"name": "46323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46323"
},
{
"name": "50287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50287"
},
{
"name": "http://plone.org/products/plone-hotfix/releases/20110928",
"refsource": "CONFIRM",
"url": "http://plone.org/products/plone-hotfix/releases/20110928"
},
{
"name": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip",
"refsource": "CONFIRM",
"url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"
}
]
}
}

188
2011/4xxx/CVE-2011-4562.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html",
"refsource" : "MISC",
"url" : "http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html"
},
{
"name" : "http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt"
},
{
"name" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection",
"refsource" : "CONFIRM",
"url" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection"
},
{
"name" : "http://wordpress.org/extend/plugins/redirection/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/extend/plugins/redirection/changelog/"
},
{
"name" : "49985",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49985"
},
{
"name" : "76092",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/76092"
},
{
"name" : "46310",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46310"
},
{
"name" : "wpredirection-referer-header-xss(70373)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70373"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/extend/plugins/redirection/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/redirection/changelog/"
},
{
"name": "http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection"
},
{
"name": "49985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49985"
},
{
"name": "wpredirection-referer-header-xss(70373)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70373"
},
{
"name": "http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html",
"refsource": "MISC",
"url": "http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html"
},
{
"name": "76092",
"refsource": "OSVDB",
"url": "http://osvdb.org/76092"
},
{
"name": "http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt"
},
{
"name": "46310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46310"
}
]
}
}

128
2011/4xxx/CVE-2011-4744.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html",
"refsource" : "MISC",
"url" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html"
},
{
"name" : "plesk-headers-unspecified(72315)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72315"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html"
},
{
"name": "plesk-headers-unspecified(72315)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72315"
}
]
}
}

148
2011/5xxx/CVE-2011-5276.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a",
"refsource" : "CONFIRM",
"url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
},
{
"name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64",
"refsource" : "CONFIRM",
"url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632"
},
{
"name" : "DSA-2365",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2365"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64",
"refsource": "CONFIRM",
"url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632"
},
{
"name": "DSA-2365",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2365"
},
{
"name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a",
"refsource": "CONFIRM",
"url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
}
]
}
}

138
2014/2xxx/CVE-2014-2763.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2763",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-035",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
},
{
"name" : "67915",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67915"
},
{
"name" : "1030370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030370"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030370"
},
{
"name": "67915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67915"
},
{
"name": "MS14-035",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
}
]
}
}

138
2014/2xxx/CVE-2014-2847.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2847",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "32660",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/32660"
},
{
"name" : "66590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66590"
},
{
"name" : "105364",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/105364"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32660",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32660"
},
{
"name": "66590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66590"
},
{
"name": "105364",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/105364"
}
]
}
}

168
2014/3xxx/CVE-2014-3008.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "32885",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/32885"
},
{
"name" : "20140415 Unitrends enterprise backup remote unauthenticated root",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/204"
},
{
"name" : "https://gist.github.com/brandonprry/10745756",
"refsource" : "MISC",
"url" : "https://gist.github.com/brandonprry/10745756"
},
{
"name" : "66928",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66928"
},
{
"name" : "58001",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58001"
},
{
"name" : "unitrends-snmpod-command-exec(92642)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92642"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "unitrends-snmpod-command-exec(92642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92642"
},
{
"name": "58001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58001"
},
{
"name": "https://gist.github.com/brandonprry/10745756",
"refsource": "MISC",
"url": "https://gist.github.com/brandonprry/10745756"
},
{
"name": "66928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66928"
},
{
"name": "20140415 Unitrends enterprise backup remote unauthenticated root",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/204"
},
{
"name": "32885",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32885"
}
]
}
}

838
2014/3xxx/CVE-2014-3508.json
View File

@ -1,422 +1,422 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3508",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"refsource" : "MLIST",
"url" : "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87"
},
{
"name" : "https://www.openssl.org/news/secadv_20140806.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1053.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1053.html"
},
{
"name" : "http://www.tenable.com/security/tns-2014-06",
"refsource" : "CONFIRM",
"url" : "http://www.tenable.com/security/tns-2014-06"
},
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681752",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681752"
},
{
"name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure",
"refsource" : "CONFIRM",
"url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure"
},
{
"name" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html",
"refsource" : "CONFIRM",
"url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127490",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127490"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1052.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1052.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name" : "https://support.citrix.com/article/CTX216642",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX216642"
},
{
"name" : "DSA-2998",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2998"
},
{
"name" : "FEDORA-2014-9301",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
},
{
"name" : "FEDORA-2014-9308",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
},
{
"name" : "FreeBSD-SA-14:18",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
},
{
"name" : "HPSBGN03099",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140973896703549&w=2"
},
{
"name" : "HPSBOV03099",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141077370928502&w=2"
},
{
"name" : "HPSBUX03095",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name" : "SSRT101674",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name" : "HPSBMU03260",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name" : "SSRT101894",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name" : "HPSBMU03267",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142624590206005&w=2"
},
{
"name" : "HPSBHF03293",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name" : "SSRT101846",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name" : "HPSBMU03304",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142791032306609&w=2"
},
{
"name" : "HPSBMU03261",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143290522027658&w=2"
},
{
"name" : "HPSBMU03263",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143290437727362&w=2"
},
{
"name" : "MDVSA-2014:158",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
},
{
"name" : "NetBSD-SA2014-008",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name" : "RHSA-2014:1256",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
},
{
"name" : "RHSA-2014:1297",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
},
{
"name" : "openSUSE-SU-2014:1052",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name" : "SUSE-SU-2015:0578",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name" : "openSUSE-SU-2016:0640",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name" : "69075",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69075"
},
{
"name" : "1030693",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030693"
},
{
"name" : "59221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59221"
},
{
"name" : "60687",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60687"
},
{
"name" : "60824",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60824"
},
{
"name" : "60861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60861"
},
{
"name" : "60917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60917"
},
{
"name" : "60921",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60921"
},
{
"name" : "60938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60938"
},
{
"name" : "61775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61775"
},
{
"name" : "61959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61959"
},
{
"name" : "59756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59756"
},
{
"name" : "60410",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60410"
},
{
"name" : "60803",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60803"
},
{
"name" : "61214",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61214"
},
{
"name" : "61017",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61017"
},
{
"name" : "61100",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61100"
},
{
"name" : "61171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61171"
},
{
"name" : "61250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61250"
},
{
"name" : "61392",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61392"
},
{
"name" : "61184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61184"
},
{
"name" : "59743",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59743"
},
{
"name" : "60778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60778"
},
{
"name" : "58962",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58962"
},
{
"name" : "59700",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59700"
},
{
"name" : "59710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59710"
},
{
"name" : "60022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60022"
},
{
"name" : "60684",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60684"
},
{
"name" : "60221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60221"
},
{
"name" : "60493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60493"
},
{
"name" : "openssl-cve20143508-info-disc(95165)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95165"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1297",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
},
{
"name": "openSUSE-SU-2014:1052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name": "HPSBGN03099",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140973896703549&w=2"
},
{
"name": "61214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61214"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1052.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
},
{
"name": "60221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60221"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name": "60778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60778"
},
{
"name": "61184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61184"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure"
},
{
"name": "SSRT101846",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name": "RHSA-2014:1256",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
},
{
"name": "60022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60022"
},
{
"name": "https://www.openssl.org/news/secadv_20140806.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name": "61017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61017"
},
{
"name": "61250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61250"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"name": "69075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69075"
},
{
"name": "HPSBMU03304",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142791032306609&w=2"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html"
},
{
"name": "HPSBHF03293",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "60410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60410"
},
{
"name": "HPSBMU03260",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name": "60803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60803"
},
{
"name": "60824",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60824"
},
{
"name": "HPSBUX03095",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name": "59700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59700"
},
{
"name": "FEDORA-2014-9308",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
},
{
"name": "1030693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030693"
},
{
"name": "59743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59743"
},
{
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "60861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60861"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681752",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681752"
},
{
"name": "60917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60917"
},
{
"name": "http://www.tenable.com/security/tns-2014-06",
"refsource": "CONFIRM",
"url": "http://www.tenable.com/security/tns-2014-06"
},
{
"name": "NetBSD-SA2014-008",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name": "60493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60493"
},
{
"name": "59710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59710"
},
{
"name": "60921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60921"
},
{
"name": "HPSBOV03099",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141077370928502&w=2"
},
{
"name": "59221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59221"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name": "61100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61100"
},
{
"name": "SUSE-SU-2015:0578",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name": "FreeBSD-SA-14:18",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
},
{
"name": "61775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61775"
},
{
"name": "SSRT101894",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name": "DSA-2998",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2998"
},
{
"name": "HPSBMU03263",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143290437727362&w=2"
},
{
"name": "FEDORA-2014-9301",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
},
{
"name": "SSRT101674",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name": "61959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61959"
},
{
"name": "59756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59756"
},
{
"name": "HPSBMU03267",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142624590206005&w=2"
},
{
"name": "HPSBMU03261",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143290522027658&w=2"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name": "58962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58962"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1053.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
},
{
"name": "61392",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61392"
},
{
"name": "60938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60938"
},
{
"name": "60684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60684"
},
{
"name": "https://support.citrix.com/article/CTX216642",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127490",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127490"
},
{
"name": "openssl-cve20143508-info-disc(95165)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95165"
},
{
"name": "61171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61171"
},
{
"name": "60687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60687"
},
{
"name": "MDVSA-2014:158",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
}
]
}
}

128
2014/3xxx/CVE-2014-3521.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1112813",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1112813"
},
{
"name" : "RHSA-2014:1194",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813"
},
{
"name": "RHSA-2014:1194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
}
]
}
}

138
2014/3xxx/CVE-2014-3562.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1123477",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1123477"
},
{
"name" : "RHSA-2014:1031",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1031.html"
},
{
"name" : "RHSA-2014:1032",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1032.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1031",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1031.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1123477",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123477"
},
{
"name": "RHSA-2014:1032",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1032.html"
}
]
}
}

118
2014/3xxx/CVE-2014-3750.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks",
"refsource" : "MISC",
"url" : "http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks",
"refsource": "MISC",
"url": "http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks"
}
]
}
}

118
2014/6xxx/CVE-2014-6192.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700252",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700252"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700252",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700252"
}
]
}
}

118
2014/6xxx/CVE-2014-6284.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200",
"refsource": "MISC",
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200"
}
]
}
}

148
2014/6xxx/CVE-2014-6567.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf",
"refsource" : "MISC",
"url" : "http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "72134",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72134"
},
{
"name" : "1031572",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031572"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf",
"refsource": "MISC",
"url": "http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf"
},
{
"name": "1031572",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031572"
},
{
"name": "72134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72134"
}
]
}
}

138
2014/6xxx/CVE-2014-6714.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebMD (aka com.webmd.android) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#289017",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/289017"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebMD (aka com.webmd.android) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#289017",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/289017"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/6xxx/CVE-2014-6826.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#741249",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/741249"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#741249",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/741249"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/6xxx/CVE-2014-6907.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6907",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Rakuten Install (aka co.jp.rakuten.installapp) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#455865",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/455865"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rakuten Install (aka co.jp.rakuten.installapp) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#455865",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/455865"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

148
2014/7xxx/CVE-2014-7251.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7251",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-7251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf"
},
{
"name" : "JVN#54775800",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN54775800/index.html"
},
{
"name" : "JVNDB-2014-000141",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html"
},
{
"name" : "fast-tools-cve20147251-info-disc(99018)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99018"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf"
},
{
"name": "JVN#54775800",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN54775800/index.html"
},
{
"name": "fast-tools-cve20147251-info-disc(99018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99018"
},
{
"name": "JVNDB-2014-000141",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html"
}
]
}
}

138
2014/7xxx/CVE-2014-7255.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-7255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.seil.jp/support/security/a01510.html",
"refsource" : "CONFIRM",
"url" : "http://www.seil.jp/support/security/a01510.html"
},
{
"name" : "JVN#21907573",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN21907573/index.html"
},
{
"name" : "JVNDB-2014-000135",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000135.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000135",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000135.html"
},
{
"name": "http://www.seil.jp/support/security/a01510.html",
"refsource": "CONFIRM",
"url": "http://www.seil.jp/support/security/a01510.html"
},
{
"name": "JVN#21907573",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN21907573/index.html"
}
]
}
}

138
2014/7xxx/CVE-2014-7399.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Suzanne Glathar (aka com.app_sglathar.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#236041",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/236041"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Suzanne Glathar (aka com.app_sglathar.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#236041",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/236041"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/7xxx/CVE-2014-7472.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7472",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#619105",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/619105"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#619105",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/619105"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

32
2014/7xxx/CVE-2014-7496.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7496",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7496",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

138
2016/2xxx/CVE-2016-2067.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0"
},
{
"name" : "https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cve-2016-2067",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cve-2016-2067"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name": "https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cve-2016-2067",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cve-2016-2067"
}
]
}
}

130
2017/0xxx/CVE-2017-0741.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-08-07T00:00:00",
"ID" : "CVE-2017-0741",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-08-07T00:00:00",
"ID": "CVE-2017-0741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-08-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-08-01"
},
{
"name" : "100209",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100209"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100209"
},
{
"name": "https://source.android.com/security/bulletin/2017-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-08-01"
}
]
}
}

128
2017/18xxx/CVE-2017-18235.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=101913",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=101913"
},
{
"name" : "https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=101913",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101913"
},
{
"name": "https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4"
}
]
}
}

252
2017/1xxx/CVE-2017-1534.json
View File

@ -1,129 +1,129 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-01-05T00:00:00",
"ID" : "CVE-2017-1534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "8.0.0"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.0.1.2"
},
{
"version_value" : "8.0.1.3"
},
{
"version_value" : "8.0.1.4"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.0.1.0"
},
{
"version_value" : "9.0.2.0"
},
{
"version_value" : "8.0.1.5"
},
{
"version_value" : "9.0.2.1"
},
{
"version_value" : "9.0.3"
},
{
"version_value" : "8.0.1.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-05T00:00:00",
"ID": "CVE-2017-1534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22008936",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22008936"
},
{
"name" : "102509",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102509"
},
{
"name" : "1040169",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040169"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008936",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008936"
},
{
"name": "1040169",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040169"
},
{
"name": "102509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102509"
}
]
}
}

32
2017/1xxx/CVE-2017-1573.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1573",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1573",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/5xxx/CVE-2017-5315.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5315",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5315",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}