admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:25:37 +00:00
parent e83e543b88
commit 301ff75e2b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3626 additions and 3626 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2001/0xxx/CVE-2001-0014.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0014", "ID": "CVE-2001-0014",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the \"Invalid RDP Data\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS01-006", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-006" "lang": "eng",
}, "value": "Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the \"Invalid RDP Data\" vulnerability."
{ }
"name" : "2326", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2326" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS01-006",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-006"
},
{
"name": "2326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2326"
}
]
}
}

170
2001/0xxx/CVE-2001-0816.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0816", "ID": "CVE-2001-0816",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010918 OpenSSH: sftp & bypassing keypair auth restrictions", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html" "lang": "eng",
}, "value": "OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands."
{ }
"name" : "CLSA-2001:431", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IMNX-2001-70-034-01", "description": [
"refsource" : "IMMUNIX", {
"url" : "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2001:154", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2001-154.html" ]
}, },
{ "references": {
"name" : "openssh-sftp-bypass-restrictions(7634)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7634" "name": "IMNX-2001-70-034-01",
}, "refsource": "IMMUNIX",
{ "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01"
"name" : "5536", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5536" "name": "RHSA-2001:154",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2001-154.html"
} },
} {
"name": "CLSA-2001:431",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431"
},
{
"name": "20010918 OpenSSH: sftp & bypassing keypair auth restrictions",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html"
},
{
"name": "openssh-sftp-bypass-restrictions(7634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7634"
},
{
"name": "5536",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5536"
}
]
}
}

150
2001/1xxx/CVE-2001-1542.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1542", "ID": "CVE-2001-1542",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011129 NAI Webshield SMTP for WinNT MIME header vuln that allows BadTrans to pass]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-11/0294.html" "lang": "eng",
}, "value": "NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments."
{ }
"name" : "20011130 Re: NAI Webshield SMTP for WinNT MIME header vuln that allows BadTrans to pass]", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-11/0294.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3601", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3601" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "webshield-smtp-mime-attachments(7637)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/7637.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20011130 Re: NAI Webshield SMTP for WinNT MIME header vuln that allows BadTrans to pass]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0294.html"
},
{
"name": "3601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3601"
},
{
"name": "webshield-smtp-mime-attachments(7637)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7637.php"
},
{
"name": "20011129 NAI Webshield SMTP for WinNT MIME header vuln that allows BadTrans to pass]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0294.html"
}
]
}
}

140
2001/1xxx/CVE-2001-1556.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1556", "ID": "CVE-2001-1556",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011024 Hidden requests to Apache", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html" "lang": "eng",
}, "value": "The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep."
{ }
"name" : "http://httpd.apache.org/docs/logs.html", ]
"refsource" : "CONFIRM", },
"url" : "http://httpd.apache.org/docs/logs.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "apache-hidden-http-request(7363)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7363.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "apache-hidden-http-request(7363)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7363.php"
},
{
"name": "http://httpd.apache.org/docs/logs.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/docs/logs.html"
},
{
"name": "20011024 Hidden requests to Apache",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html"
}
]
}
}

130
2006/2xxx/CVE-2006-2169.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2169", "ID": "CVE-2006-2169",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/04/rt-request-tracker-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/04/rt-request-tracker-vuln.html" "lang": "eng",
}, "value": "RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message."
{ }
"name" : "rtrequesttracker-display-info-disclosure(26164)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26164" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/04/rt-request-tracker-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/rt-request-tracker-vuln.html"
},
{
"name": "rtrequesttracker-display-info-disclosure(26164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26164"
}
]
}
}

180
2006/2xxx/CVE-2006-2545.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2545", "ID": "CVE-2006-2545",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php, probably the searchthis parameter. NOTE: one or more of these vectors might be resultant from SQL injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060519 Xtremescripts Topsites v1.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/434568/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php, probably the searchthis parameter. NOTE: one or more of these vectors might be resultant from SQL injection."
{ }
"name" : "18055", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18055" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1899", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1899" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25702", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/25702" ]
}, },
{ "references": {
"name" : "20192", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20192" "name": "18055",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18055"
"name" : "945", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/945" "name": "topsites-stats-join-lostid-xss(26614)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26614"
"name" : "topsites-stats-join-lostid-xss(26614)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26614" "name": "945",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/945"
} },
} {
"name": "20060519 Xtremescripts Topsites v1.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434568/100/0/threaded"
},
{
"name": "ADV-2006-1899",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1899"
},
{
"name": "20192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20192"
},
{
"name": "25702",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25702"
}
]
}
}

160
2006/2xxx/CVE-2006-2730.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2730", "ID": "CVE-2006-2730",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "1835", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/1835" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability."
{ }
"name" : "18137", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18137" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2022", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2022" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20331", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/20331" ]
}, },
{ "references": {
"name" : "hot-classpath-file-include(26934)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26934" "name": "1835",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/1835"
} },
} {
"name": "hot-classpath-file-include(26934)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26934"
},
{
"name": "18137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18137"
},
{
"name": "ADV-2006-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2022"
},
{
"name": "20331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20331"
}
]
}
}

450
2006/6xxx/CVE-2006-6169.json
View File

@ -1,227 +1,227 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6169", "ID": "CVE-2006-6169",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with \"C-escape\" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061127 GnuPG 1.4 and 2.0 buffer overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/452829/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with \"C-escape\" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt."
{ }
"name" : "20061201 rPSA-2006-0224-1 gnupg", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/453253/100/100/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[gnupg-announce] 20061127 GnuPG 1.4 and 2.0 buffer overflow", "description": [
"refsource" : "MLIST", {
"url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.g10code.com/gnupg/issue728", ]
"refsource" : "MISC", }
"url" : "https://bugs.g10code.com/gnupg/issue728" ]
}, },
{ "references": {
"name" : "https://issues.rpath.com/browse/RPL-826", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-826" "name": "23110",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23110"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm" "name": "23269",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23269"
"name" : "DSA-1231", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1231" "name": "23303",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23303"
"name" : "GLSA-200612-03", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200612-03.xml" "name": "20061127 GnuPG 1.4 and 2.0 buffer overflow",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/452829/100/0/threaded"
"name" : "MDKSA-2006:221", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:221" "name": "https://issues.rpath.com/browse/RPL-826",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-826"
"name" : "OpenPKG-SA-2006.037", },
"refsource" : "OPENPKG", {
"url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html" "name": "gnupg-openfile-bo(30550)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30550"
"name" : "RHSA-2006:0754", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0754.html" "name": "23513",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23513"
"name" : "20061201-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc" "name": "23284",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23284"
"name" : "SUSE-SA:2006:075", },
"refsource" : "SUSE", {
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html" "name": "23146",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23146"
"name" : "2006-0068", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2006/0068/" "name": "23171",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23171"
"name" : "USN-389-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-389-1" "name": "USN-393-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-393-2"
"name" : "USN-393-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-393-2" "name": "RHSA-2006:0754",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html"
"name" : "21306", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21306" "name": "2006-0068",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.org/errata/2006/0068/"
"name" : "oval:org.mitre.oval:def:11228", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228" "name": "1927",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1927"
"name" : "ADV-2006-4736", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4736" "name": "DSA-1231",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1231"
"name" : "1017291", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017291" "name": "23299",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23299"
"name" : "23094", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23094" "name": "USN-389-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-389-1"
"name" : "23110", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23110" "name": "https://bugs.g10code.com/gnupg/issue728",
}, "refsource": "MISC",
{ "url": "https://bugs.g10code.com/gnupg/issue728"
"name" : "23171", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23171" "name": "1017291",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1017291"
"name" : "23146", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23146" "name": "GLSA-200612-03",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200612-03.xml"
"name" : "23161", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23161" "name": "[gnupg-announce] 20061127 GnuPG 1.4 and 2.0 buffer overflow",
}, "refsource": "MLIST",
{ "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html"
"name" : "23250", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23250" "name": "23094",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23094"
"name" : "23269", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23269" "name": "SUSE-SA:2006:075",
}, "refsource": "SUSE",
{ "url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html"
"name" : "23299", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23299" "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm"
"name" : "23303", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23303" "name": "20061201 rPSA-2006-0224-1 gnupg",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/453253/100/100/threaded"
"name" : "23284", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23284" "name": "21306",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/21306"
"name" : "23513", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23513" "name": "ADV-2006-4736",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4736"
"name" : "24047", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24047" "name": "23250",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23250"
"name" : "1927", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1927" "name": "20061201-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc"
"name" : "gnupg-openfile-bo(30550)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30550" "name": "23161",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/23161"
} },
} {
"name": "MDKSA-2006:221",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:221"
},
{
"name": "OpenPKG-SA-2006.037",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html"
},
{
"name": "oval:org.mitre.oval:def:11228",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11228"
},
{
"name": "24047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24047"
}
]
}
}

150
2006/6xxx/CVE-2006-6564.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6564", "ID": "CVE-2006-6564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://retrogod.altervista.org/filezilla_0921_dos.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://retrogod.altervista.org/filezilla_0921_dos.html" "lang": "eng",
}, "value": "FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command."
{ }
"name" : "http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4937", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4937" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "filezilla-commands-dos(30853)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30853" ]
} },
] "references": {
} "reference_data": [
} {
"name": "filezilla-commands-dos(30853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30853"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558"
},
{
"name": "http://retrogod.altervista.org/filezilla_0921_dos.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/filezilla_0921_dos.html"
},
{
"name": "ADV-2006-4937",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4937"
}
]
}
}

160
2006/6xxx/CVE-2006-6768.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6768", "ID": "CVE-2006-6768",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061119 The Classified Ad System [multiple xss & injection sql]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/452194/100/200/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter."
{ }
"name" : "21198", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21198" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23289", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23289" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2075", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/2075" ]
}, },
{ "references": {
"name" : "classifiedadsystem-default-xss(30445)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30445" "name": "classifiedadsystem-default-xss(30445)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30445"
} },
} {
"name": "20061119 The Classified Ad System [multiple xss & injection sql]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452194/100/200/threaded"
},
{
"name": "2075",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2075"
},
{
"name": "23289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23289"
},
{
"name": "21198",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21198"
}
]
}
}

190
2011/2xxx/CVE-2011-2105.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-2105", "ID": "CVE-2011-2105",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted font data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-16.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-16.html" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted font data."
{ }
"name" : "TA11-166A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#264729", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/264729" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48248", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/48248" ]
}, },
{ "references": {
"name" : "73067", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/73067" "name": "reader-acrobat-code-execution(68019)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68019"
"name" : "oval:org.mitre.oval:def:13960", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13960" "name": "73067",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/73067"
"name" : "1025658", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025658" "name": "48248",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/48248"
"name" : "reader-acrobat-code-execution(68019)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68019" "name": "VU#264729",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/264729"
} },
} {
"name": "http://www.adobe.com/support/security/bulletins/apsb11-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html"
},
{
"name": "TA11-166A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html"
},
{
"name": "1025658",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025658"
},
{
"name": "oval:org.mitre.oval:def:13960",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13960"
}
]
}
}

200
2011/2xxx/CVE-2011-2135.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-2135", "ID": "CVE-2011-2135",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-21.html" "lang": "eng",
}, "value": "Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425."
{ }
"name" : "RHSA-2011:1144", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1144.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SA:2011:033", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2011:0894", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2011:0897", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html" "name": "SUSE-SA:2011:033",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html"
"name" : "TA11-222A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" "name": "48308",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48308"
"name" : "oval:org.mitre.oval:def:14016", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14016" "name": "oval:org.mitre.oval:def:14016",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14016"
"name" : "oval:org.mitre.oval:def:16061", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16061" "name": "TA11-222A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html"
"name" : "48308", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48308" "name": "http://www.adobe.com/support/security/bulletins/apsb11-21.html",
} "refsource": "CONFIRM",
] "url": "http://www.adobe.com/support/security/bulletins/apsb11-21.html"
} },
} {
"name": "oval:org.mitre.oval:def:16061",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16061"
},
{
"name": "SUSE-SU-2011:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html"
},
{
"name": "RHSA-2011:1144",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1144.html"
},
{
"name": "openSUSE-SU-2011:0897",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html"
}
]
}
}

190
2011/2xxx/CVE-2011-2339.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-2339", "ID": "CVE-2011-2339",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4981", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4981" "lang": "eng",
}, "value": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1."
{ }
"name" : "http://support.apple.com/kb/HT4999", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4999" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5000", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5000" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2011-10-11-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2011-10-12-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" "name": "http://support.apple.com/kb/HT4981",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4981"
"name" : "APPLE-SA-2011-10-12-4", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" "name": "APPLE-SA-2011-10-12-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
"name" : "50066", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50066" "name": "APPLE-SA-2011-10-11-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
"name" : "oval:org.mitre.oval:def:17020", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17020" "name": "oval:org.mitre.oval:def:17020",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17020"
} },
} {
"name": "APPLE-SA-2011-10-12-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
},
{
"name": "50066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50066"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT5000",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5000"
}
]
}
}

170
2011/2xxx/CVE-2011-2429.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-2429", "ID": "CVE-2011-2429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a \"security control bypass.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-26.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-26.html" "lang": "eng",
}, "value": "Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a \"security control bypass.\""
{ }
"name" : "RHSA-2011:1333", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1333.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2011:1063", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14096", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14096" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:16268", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16268" "name": "48308",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48308"
"name" : "48308", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48308" "name": "oval:org.mitre.oval:def:14096",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14096"
} },
} {
"name": "SUSE-SU-2011:1063",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html"
},
{
"name": "RHSA-2011:1333",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1333.html"
},
{
"name": "oval:org.mitre.oval:def:16268",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16268"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-26.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-26.html"
}
]
}
}

190
2011/2xxx/CVE-2011-2866.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-2866", "ID": "CVE-2011-2866",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2012-03-07-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" "lang": "eng",
}, "value": "WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1."
{ }
"name" : "APPLE-SA-2012-03-12-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52363", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52363" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "79957", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/79957" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:17368", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17368" "name": "52363",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52363"
"name" : "48274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48274" "name": "oval:org.mitre.oval:def:17368",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17368"
"name" : "48377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48377" "name": "48377",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48377"
"name" : "itunes-webkit-code-exec(73762)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73762" "name": "79957",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/79957"
} },
} {
"name": "itunes-webkit-code-exec(73762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73762"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
}
]
}
}

190
2011/3xxx/CVE-2011-3377.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-3377", "ID": "CVE-2011-3377",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=742515", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=742515" "lang": "eng",
}, "value": "The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain."
{ }
"name" : "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/", ]
"refsource" : "CONFIRM", },
"url" : "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2420", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2420" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2011:1441", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2011-1441.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2012:0371", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=742515",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
"name" : "USN-1263-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1263-1" "name": "RHSA-2011:1441",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
"name" : "50610", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50610" "name": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/",
}, "refsource": "CONFIRM",
{ "url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
"name" : "76940", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/76940" "name": "76940",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/76940"
} },
} {
"name": "openSUSE-SU-2012:0371",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
},
{
"name": "DSA-2420",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2420"
},
{
"name": "50610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50610"
},
{
"name": "USN-1263-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
}
]
}
}

140
2011/3xxx/CVE-2011-3826.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3826", "ID": "CVE-2011-3826",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/zikula-1.2.4", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/zikula-1.2.4" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/zikula-1.2.4",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/zikula-1.2.4"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

140
2011/3xxx/CVE-2011-3915.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-3915", "ID": "CVE-2011-3915",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=104529", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=104529" "lang": "eng",
}, "value": "Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14569", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14569" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=104529",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=104529"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html"
},
{
"name": "oval:org.mitre.oval:def:14569",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14569"
}
]
}
}

34
2011/4xxx/CVE-2011-4229.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4229", "ID": "CVE-2011-4229",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2011/4xxx/CVE-2011-4385.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-4385", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-4385",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
} }
] ]
} }
} }

34
2011/4xxx/CVE-2011-4664.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4664", "ID": "CVE-2011-4664",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2011/4xxx/CVE-2011-4778.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4778", "ID": "CVE-2011-4778",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.splunk.com/view/SP-CAAAGMM", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.splunk.com/view/SP-CAAAGMM" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614."
{ }
"name" : "1026451", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id?1026451" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.splunk.com/view/SP-CAAAGMM",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAGMM"
},
{
"name": "1026451",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026451"
}
]
}
}

34
2011/4xxx/CVE-2011-4967.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4967", "ID": "CVE-2011-4967",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2013/0xxx/CVE-2013-0637.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-0637", "ID": "CVE-2013-0637",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html" "lang": "eng",
}, "value": "Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors."
{ }
"name" : "RHSA-2013:0254", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0254.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2013:0296", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2013:0295", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:0298", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html" "name": "SUSE-SU-2013:0296",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html"
"name" : "TA13-043A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-043A.html" "name": "RHSA-2013:0254",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0254.html"
} },
} {
"name": "openSUSE-SU-2013:0295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html"
},
{
"name": "openSUSE-SU-2013:0298",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html"
},
{
"name": "TA13-043A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043A.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-05.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-05.html"
}
]
}
}

120
2013/1xxx/CVE-2013-1177.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-1177", "ID": "CVE-2013-1177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130417 Cisco Network Admission Control Manager SQL Injection Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac" "lang": "eng",
} "value": "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130417 Cisco Network Admission Control Manager SQL Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac"
}
]
}
}

160
2013/1xxx/CVE-2013-1443.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2013-1443", "ID": "CVE-2013-1443",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[django-developers] 20130914 Set a reasonable upper bound on password length", "description_data": [
"refsource" : "MLIST", {
"url" : "http://python.6.x6.nabble.com/Set-a-reasonable-upper-bound-on-password-length-td5032218.html" "lang": "eng",
}, "value": "The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed."
{ }
"name" : "https://www.djangoproject.com/weblog/2013/sep/15/security/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.djangoproject.com/weblog/2013/sep/15/security/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2758", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2758" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2013:1541", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1685", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00035.html" "name": "DSA-2758",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2013/dsa-2758"
} },
} {
"name": "[django-developers] 20130914 Set a reasonable upper bound on password length",
"refsource": "MLIST",
"url": "http://python.6.x6.nabble.com/Set-a-reasonable-upper-bound-on-password-length-td5032218.html"
},
{
"name": "openSUSE-SU-2013:1541",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html"
},
{
"name": "https://www.djangoproject.com/weblog/2013/sep/15/security/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2013/sep/15/security/"
},
{
"name": "openSUSE-SU-2013:1685",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00035.html"
}
]
}
}

140
2013/1xxx/CVE-2013-1451.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1451", "ID": "CVE-2013-1451",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pastebin.com/raw.php?i=rz9BcBey", "description_data": [
"refsource" : "MISC", {
"url" : "http://pastebin.com/raw.php?i=rz9BcBey" "lang": "eng",
}, "value": "Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450."
{ }
"name" : "http://www.youtube.com/ChristianHaiderPoC", ]
"refsource" : "MISC", },
"url" : "http://www.youtube.com/ChristianHaiderPoC" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.youtube.com/watch?v=TPqagWAvo8U", "description": [
"refsource" : "MISC", {
"url" : "http://www.youtube.com/watch?v=TPqagWAvo8U" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://pastebin.com/raw.php?i=rz9BcBey",
"refsource": "MISC",
"url": "http://pastebin.com/raw.php?i=rz9BcBey"
},
{
"name": "http://www.youtube.com/ChristianHaiderPoC",
"refsource": "MISC",
"url": "http://www.youtube.com/ChristianHaiderPoC"
},
{
"name": "http://www.youtube.com/watch?v=TPqagWAvo8U",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=TPqagWAvo8U"
}
]
}
}

140
2013/1xxx/CVE-2013-1461.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1461", "ID": "CVE-2013-1461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play", "description_data": [
"refsource" : "MISC", {
"url" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play" "lang": "eng",
}, "value": "The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230."
{ }
"name" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf", ]
"refsource" : "MISC", },
"url" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb", "description": [
"refsource" : "MISC", {
"url" : "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf",
"refsource": "MISC",
"url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
},
{
"name": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb",
"refsource": "MISC",
"url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
}
]
}
}

250
2013/1xxx/CVE-2013-1694.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2013-1694", "ID": "CVE-2013-1694",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-56.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-56.html" "lang": "eng",
}, "value": "The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=848535", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=848535" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2716", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2716" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2720", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2013/dsa-2720" ]
}, },
{ "references": {
"name" : "RHSA-2013:0981", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0981.html" "name": "USN-1890-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1890-1"
"name" : "RHSA-2013:0982", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0982.html" "name": "RHSA-2013:0982",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"
"name" : "openSUSE-SU-2013:1140", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=848535",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=848535"
"name" : "openSUSE-SU-2013:1141", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html" "name": "oval:org.mitre.oval:def:17405",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17405"
"name" : "openSUSE-SU-2013:1142", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-56.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-56.html"
"name" : "openSUSE-SU-2013:1143", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html" "name": "RHSA-2013:0981",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"
"name" : "USN-1890-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1890-1" "name": "USN-1891-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1891-1"
"name" : "USN-1891-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1891-1" "name": "openSUSE-SU-2013:1141",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"
"name" : "60776", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/60776" "name": "DSA-2716",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2716"
"name" : "oval:org.mitre.oval:def:17405", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17405" "name": "60776",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/60776"
} },
} {
"name": "openSUSE-SU-2013:1142",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"
},
{
"name": "openSUSE-SU-2013:1140",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"
},
{
"name": "DSA-2720",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2720"
},
{
"name": "openSUSE-SU-2013:1143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"
}
]
}
}

34
2013/5xxx/CVE-2013-5206.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5206", "ID": "CVE-2013-5206",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/5xxx/CVE-2013-5290.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5290", "ID": "CVE-2013-5290",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2013/5xxx/CVE-2013-5332.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-5332", "ID": "CVE-2013-5332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb13-28.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb13-28.html" "lang": "eng",
}, "value": "Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
{ }
"name" : "RHSA-2013:1818", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1818.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2013:1915", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00084.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2013:1896", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00008.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1898", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00075.html" "name": "openSUSE-SU-2013:1898",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00075.html"
} },
} {
"name": "RHSA-2013:1818",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1818.html"
},
{
"name": "openSUSE-SU-2013:1915",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00084.html"
},
{
"name": "SUSE-SU-2013:1896",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00008.html"
},
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb13-28.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb13-28.html"
}
]
}
}

130
2013/5xxx/CVE-2013-5445.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-5445", "ID": "CVE-2013-5445",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21667626", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21667626" "lang": "eng",
}, "value": "IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key."
{ }
"name" : "ibm-cognos-cve20135445-info-disc(87821)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87821" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-cognos-cve20135445-info-disc(87821)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87821"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21667626",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667626"
}
]
}
}

160
2013/5xxx/CVE-2013-5589.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2013-5589", "ID": "CVE-2013-5589",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.cacti.net/view.php?id=2383", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.cacti.net/view.php?id=2383" "lang": "eng",
}, "value": "SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "DSA-2747", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2013/dsa-2747" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2015:0479", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "62005", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/62005" ]
}, },
{ "references": {
"name" : "54652", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54652" "name": "54652",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/54652"
} },
} {
"name": "DSA-2747",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2747"
},
{
"name": "http://bugs.cacti.net/view.php?id=2383",
"refsource": "CONFIRM",
"url": "http://bugs.cacti.net/view.php?id=2383"
},
{
"name": "openSUSE-SU-2015:0479",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html"
},
{
"name": "62005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62005"
}
]
}
}

130
2013/5xxx/CVE-2013-5798.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-5798", "ID": "CVE-2013-5798",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0.0 and 11.1.2.1.0 allows remote attackers to affect integrity via unknown vectors related to End User Self Service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0.0 and 11.1.2.1.0 allows remote attackers to affect integrity via unknown vectors related to End User Self Service."
{ }
"name" : "1029190", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1029190" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name": "1029190",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029190"
}
]
}
}

160
2014/2xxx/CVE-2014-2080.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2080", "ID": "CVE-2014-2080",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the \"a\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140224 Re: CVE request: XSS in MODX Revolution before 2.2.11", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q1/431" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the \"a\" parameter."
{ }
"name" : "http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss", ]
"refsource" : "CONFIRM", },
"url" : "http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "65755", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/65755" ]
}, },
{ "references": {
"name" : "57038", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57038" "name": "65755",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/65755"
} },
} {
"name": "57038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57038"
},
{
"name": "https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea",
"refsource": "CONFIRM",
"url": "https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea"
},
{
"name": "http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss",
"refsource": "CONFIRM",
"url": "http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss"
},
{
"name": "[oss-security] 20140224 Re: CVE request: XSS in MODX Revolution before 2.2.11",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/431"
}
]
}
}

34
2014/2xxx/CVE-2014-2546.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2546", "ID": "CVE-2014-2546",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2014/2xxx/CVE-2014-2801.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-2801", "ID": "CVE-2014-2801",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS14-037", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" "lang": "eng",
}, "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
{ }
"name" : "68383", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/68383" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030532", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030532" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "59775", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/59775" ]
} },
] "references": {
} "reference_data": [
} {
"name": "MS14-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name": "59775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59775"
},
{
"name": "68383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68383"
},
{
"name": "1030532",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030532"
}
]
}
}

166
2017/0xxx/CVE-2017-0398.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0398", "ID": "CVE-2017-0398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-4.4.4" "version_value": "Android-4.4.4"
}, },
{ {
"version_value" : "Android-5.0.2" "version_value": "Android-5.0.2"
}, },
{ {
"version_value" : "Android-5.1.1" "version_value": "Android-5.1.1"
}, },
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
}, },
{ {
"version_value" : "Android-7.1" "version_value": "Android-7.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-01-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-01-01.html" "lang": "eng",
}, "value": "An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664."
{ }
"name" : "95226", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95226" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95226"
}
]
}
}

140
2017/0xxx/CVE-2017-0508.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0508", "ID": "CVE-2017-0508",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33940449."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-03-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-03-01" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33940449."
{ }
"name" : "96952", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96952" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037968", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037968" "lang": "eng",
} "value": "Elevation of privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96952",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96952"
}
]
}
}

168
2017/0xxx/CVE-2017-0552.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0552", "ID": "CVE-2017-0552",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
}, },
{ {
"version_value" : "Android-7.1.1" "version_value": "Android-7.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf" "lang": "eng",
}, "value": "A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915."
{ }
"name" : "https://source.android.com/security/bulletin/2017-04-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2017-04-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97336", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97336" "lang": "eng",
}, "value": "Denial of service"
{ }
"name" : "1038201", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038201" ]
} },
] "references": {
} "reference_data": [
} {
"name": "97336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97336"
},
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

162
2017/0xxx/CVE-2017-0832.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-11-06T00:00:00", "DATE_PUBLIC": "2017-11-06T00:00:00",
"ID" : "CVE-2017-0832", "ID": "CVE-2017-0832",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-11-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-11-01" "lang": "eng",
}, "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820."
{ }
"name" : "101717", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101717" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "101717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101717"
}
]
}
}

34
2017/0xxx/CVE-2017-0956.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-0956", "ID": "CVE-2017-0956",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

134
2017/1000xxx/CVE-2017-1000051.json
View File

@ -1,69 +1,69 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.298672", "DATE_ASSIGNED": "2017-05-06T20:43:28.298672",
"ID" : "CVE-2017-1000051", "ID": "CVE-2017-1000051",
"REQUESTER" : "martin.gubri@framasoft.org", "REQUESTER": "martin.gubri@framasoft.org",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "CryptPad", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.1.0 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "XWiki labs" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.cryptpad.fr/2017/03/06/Security-growing-pains/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://blog.cryptpad.fr/2017/03/06/Security-growing-pains/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content"
{ }
"name" : "https://github.com/xwiki-labs/cryptpad/releases/tag/1.1.1", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/xwiki-labs/cryptpad/releases/tag/1.1.1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.cryptpad.fr/2017/03/06/Security-growing-pains/",
"refsource": "CONFIRM",
"url": "https://blog.cryptpad.fr/2017/03/06/Security-growing-pains/"
},
{
"name": "https://github.com/xwiki-labs/cryptpad/releases/tag/1.1.1",
"refsource": "CONFIRM",
"url": "https://github.com/xwiki-labs/cryptpad/releases/tag/1.1.1"
}
]
}
}

154
2017/1000xxx/CVE-2017-1000486.json
View File

@ -1,79 +1,79 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-12-29", "DATE_ASSIGNED": "2017-12-29",
"ID" : "CVE-2017-1000486", "ID": "CVE-2017-1000486",
"REQUESTER" : "bjoern@schuette.se", "REQUESTER": "bjoern@schuette.se",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Primefaces", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<5.2.21, 5.3.0-5.3.7" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Primetek" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43733", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43733/" "lang": "eng",
}, "value": "Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution"
{ }
"name" : "http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html", ]
"refsource" : "MISC", },
"url" : "http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://cryptosense.com/weak-encryption-flaw-in-primefaces/", "description": [
"refsource" : "MISC", {
"url" : "https://cryptosense.com/weak-encryption-flaw-in-primefaces/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/primefaces/primefaces/issues/1152", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/primefaces/primefaces/issues/1152" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/primefaces/primefaces/issues/1152",
"refsource": "CONFIRM",
"url": "https://github.com/primefaces/primefaces/issues/1152"
},
{
"name": "https://cryptosense.com/weak-encryption-flaw-in-primefaces/",
"refsource": "MISC",
"url": "https://cryptosense.com/weak-encryption-flaw-in-primefaces/"
},
{
"name": "http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html",
"refsource": "MISC",
"url": "http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html"
},
{
"name": "43733",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43733/"
}
]
}
}

34
2017/12xxx/CVE-2017-12035.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12035", "ID": "CVE-2017-12035",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/12xxx/CVE-2017-12887.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12887", "ID": "CVE-2017-12887",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2017/16xxx/CVE-2017-16132.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16132", "ID": "CVE-2017-16132",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "simple-npm-registry node module", "product_name": "simple-npm-registry node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/simple-npm-registry", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/simple-npm-registry" "lang": "eng",
}, "value": "simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
{ }
"name" : "https://nodesecurity.io/advisories/452", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/452" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/452",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/452"
},
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/simple-npm-registry",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/simple-npm-registry"
}
]
}
}

34
2017/16xxx/CVE-2017-16301.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16301", "ID": "CVE-2017-16301",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/16xxx/CVE-2017-16557.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16557", "ID": "CVE-2017-16557",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.k7computing.com/index.php?/selfhelp/view-article/3rd-Advisory-issued-on-6th-November-2017", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.k7computing.com/index.php?/selfhelp/view-article/3rd-Advisory-issued-on-6th-November-2017" "lang": "eng",
} "value": "K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.k7computing.com/index.php?/selfhelp/view-article/3rd-Advisory-issued-on-6th-November-2017",
"refsource": "CONFIRM",
"url": "https://support.k7computing.com/index.php?/selfhelp/view-article/3rd-Advisory-issued-on-6th-November-2017"
}
]
}
}

140
2017/1xxx/CVE-2017-1523.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2017-1523", "ID": "CVE-2017-1523",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129892", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129892" "lang": "eng",
}, "value": "IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892."
{ }
"name" : "https://www.ibm.com/support/docview.wss?uid=swg22009633", ]
"refsource" : "CONFIRM", },
"url" : "https://www.ibm.com/support/docview.wss?uid=swg22009633" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "101566", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101566" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "101566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101566"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129892",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129892"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22009633",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22009633"
}
]
}
}

34
2017/4xxx/CVE-2017-4329.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4329", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4329",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4593.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4593", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4593",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4749.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4749", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4749",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4825.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4825", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4825",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

162
2018/5xxx/CVE-2018-5177.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2018-5177", "ID": "CVE-2018-5177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "60" "version_value": "60"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer overflow in XSLT during number formatting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1451908", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1451908" "lang": "eng",
}, "value": "A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-11/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-11/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3645-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3645-1/" "lang": "eng",
}, "value": "Buffer overflow in XSLT during number formatting"
{ }
"name" : "104139", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/104139" ]
}, },
{ "references": {
"name" : "1040896", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040896" "name": "https://www.mozilla.org/security/advisories/mfsa2018-11/",
} "refsource": "CONFIRM",
] "url": "https://www.mozilla.org/security/advisories/mfsa2018-11/"
} },
} {
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1451908",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1451908"
},
{
"name": "1040896",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040896"
},
{
"name": "USN-3645-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3645-1/"
},
{
"name": "104139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104139"
}
]
}
}

34
2018/5xxx/CVE-2018-5580.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5580", "ID": "CVE-2018-5580",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }