admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:55:43 +00:00
parent 17c2a5c751
commit 32591f5c44
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4475 additions and 4475 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2006/3xxx/CVE-2006-3023.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3023",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/uphotogallery-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/uphotogallery-xss-vuln.html"
},
{
"name" : "ADV-2006-2307",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2307"
},
{
"name" : "20606",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20606"
},
{
"name" : "uphotogallery-thumbnails-xss(27034)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27034"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20606",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20606"
},
{
"name": "uphotogallery-thumbnails-xss(27034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27034"
},
{
"name": "ADV-2006-2307",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2307"
},
{
"name": "http://pridels0.blogspot.com/2006/06/uphotogallery-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/uphotogallery-xss-vuln.html"
}
]
}
}

34
2006/3xxx/CVE-2006-3099.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3099",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3099",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

340
2006/3xxx/CVE-2006-3636.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-3636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060913 Mailman 2.1.8 Multiple Security Issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445992/100/0/threaded"
},
{
"name" : "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
"refsource" : "MLIST",
"url" : "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
},
{
"name" : "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt",
"refsource" : "MISC",
"url" : "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295"
},
{
"name" : "DSA-1188",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1188"
},
{
"name" : "GLSA-200609-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-12.xml"
},
{
"name" : "MDKSA-2006:165",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"
},
{
"name" : "RHSA-2006:0600",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0600.html"
},
{
"name" : "SUSE-SR:2006:025",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name" : "USN-345-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-345-1"
},
{
"name" : "19831",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19831"
},
{
"name" : "20021",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20021"
},
{
"name" : "oval:org.mitre.oval:def:10553",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553"
},
{
"name" : "ADV-2006-3446",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3446"
},
{
"name" : "1016808",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016808"
},
{
"name" : "21732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21732"
},
{
"name" : "21792",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21792"
},
{
"name" : "21879",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21879"
},
{
"name" : "22011",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22011"
},
{
"name" : "22020",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22020"
},
{
"name" : "22227",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22227"
},
{
"name" : "22639",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22639"
},
{
"name" : "mailman-unspecified-xss(28731)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3446",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3446"
},
{
"name": "DSA-1188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1188"
},
{
"name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
"refsource": "MLIST",
"url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
},
{
"name": "19831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19831"
},
{
"name": "22639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22639"
},
{
"name": "1016808",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016808"
},
{
"name": "21879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21879"
},
{
"name": "20021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20021"
},
{
"name": "oval:org.mitre.oval:def:10553",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553"
},
{
"name": "USN-345-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-345-1"
},
{
"name": "GLSA-200609-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"
},
{
"name": "20060913 Mailman 2.1.8 Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"
},
{
"name": "22227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22227"
},
{
"name": "SUSE-SR:2006:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name": "MDKSA-2006:165",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"
},
{
"name": "21792",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21792"
},
{
"name": "RHSA-2006:0600",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295"
},
{
"name": "21732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21732"
},
{
"name": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"
},
{
"name": "22011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22011"
},
{
"name": "22020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22020"
},
{
"name": "mailman-unspecified-xss(28731)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731"
}
]
}
}

200
2006/3xxx/CVE-2006-3858.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3858",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060814 Informix - Discovery, Attack and Defense",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
},
{
"name" : "20060814 Multiple Password Exposures Flaws",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443195/100/0/threaded"
},
{
"name" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
"refsource" : "MISC",
"url" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
},
{
"name" : "19264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19264"
},
{
"name" : "ADV-2006-3077",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3077"
},
{
"name" : "27691",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27691"
},
{
"name" : "21301",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21301"
},
{
"name" : "informix-plaintext-password(28132)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28132"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
},
{
"name": "20060814 Informix - Discovery, Attack and Defense",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
},
{
"name": "20060814 Multiple Password Exposures Flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443195/100/0/threaded"
},
{
"name": "informix-plaintext-password(28132)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28132"
},
{
"name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
"refsource": "MISC",
"url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
},
{
"name": "21301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21301"
},
{
"name": "19264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19264"
},
{
"name": "27691",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27691"
},
{
"name": "ADV-2006-3077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3077"
}
]
}
}

140
2006/3xxx/CVE-2006-3880.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated \"Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060724 Windows XP/NT/SMB2003/2000 Denial of Service attack",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441007/100/0/threaded"
},
{
"name" : "19135",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19135"
},
{
"name" : "1282",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated \"Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19135"
},
{
"name": "20060724 Windows XP/NT/SMB2003/2000 Denial of Service attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441007/100/0/threaded"
},
{
"name": "1282",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1282"
}
]
}
}

130
2006/3xxx/CVE-2006-3882.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060724 MusicBox <= 2.3.4 XSS SQL injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441000/100/0/threaded"
},
{
"name" : "1284",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1284"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1284",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1284"
},
{
"name": "20060724 MusicBox <= 2.3.4 XSS SQL injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441000/100/0/threaded"
}
]
}
}

560
2006/4xxx/CVE-2006-4096.json
View File

@ -1,282 +1,282 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060908 rPSA-2006-0166-1 bind bind-utils",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445600/100/0/threaded"
},
{
"name" : "http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en",
"refsource" : "MISC",
"url" : "http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en"
},
{
"name" : "https://issues.rpath.com/browse/RPL-626",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-626"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305530",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name" : "IY89169",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89169"
},
{
"name" : "IY89178",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89178"
},
{
"name" : "APPLE-SA-2007-05-24",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name" : "DSA-1172",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-1172"
},
{
"name" : "FreeBSD-SA-06:20.bind",
"refsource" : "FREEBSD",
"url" : "http://security.freebsd.org/advisories/FreeBSD-SA-06:20.bind.asc"
},
{
"name" : "GLSA-200609-11",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-11.xml"
},
{
"name" : "HPSBTU02207",
"refsource" : "HP",
"url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
},
{
"name" : "SSRT061213",
"refsource" : "HP",
"url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
},
{
"name" : "SSRT061239",
"refsource" : "HP",
"url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
},
{
"name" : "SSRT071304",
"refsource" : "HP",
"url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
},
{
"name" : "HPSBOV03226",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141879471518471&w=2"
},
{
"name" : "SSRT101004",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141879471518471&w=2"
},
{
"name" : "MDKSA-2006:163",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:163"
},
{
"name" : "[3.9] 20060908 010: SECURITY FIX: September 8, 2006",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata.html"
},
{
"name" : "OpenPKG-SA-2006.019",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.019.html"
},
{
"name" : "SSA:2006-257-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.481241"
},
{
"name" : "SUSE-SR:2006:023",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name" : "SUSE-SR:2006:024",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
},
{
"name" : "USN-343-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-343-1"
},
{
"name" : "VU#697164",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/697164"
},
{
"name" : "19859",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19859"
},
{
"name" : "oval:org.mitre.oval:def:9623",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9623"
},
{
"name" : "ADV-2006-3473",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3473"
},
{
"name" : "ADV-2006-3511",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3511"
},
{
"name" : "ADV-2007-1401",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1401"
},
{
"name" : "ADV-2007-1939",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name" : "1016794",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016794"
},
{
"name" : "21752",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21752"
},
{
"name" : "21816",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21816"
},
{
"name" : "21786",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21786"
},
{
"name" : "21790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21790"
},
{
"name" : "21818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21818"
},
{
"name" : "21828",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21828"
},
{
"name" : "21835",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21835"
},
{
"name" : "21838",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21838"
},
{
"name" : "21912",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21912"
},
{
"name" : "21926",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21926"
},
{
"name" : "22298",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22298"
},
{
"name" : "24950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24950"
},
{
"name" : "25402",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25402"
},
{
"name" : "bind-recursive-insist-dos(28744)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28744"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.info.apple.com/article.html?artnum=305530",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "21835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21835"
},
{
"name": "OpenPKG-SA-2006.019",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.019.html"
},
{
"name": "ADV-2007-1939",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "FreeBSD-SA-06:20.bind",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:20.bind.asc"
},
{
"name": "HPSBOV03226",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141879471518471&w=2"
},
{
"name": "20060908 rPSA-2006-0166-1 bind bind-utils",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445600/100/0/threaded"
},
{
"name": "SSRT071304",
"refsource": "HP",
"url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en"
},
{
"name": "SUSE-SR:2006:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
},
{
"name": "SSRT101004",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141879471518471&w=2"
},
{
"name": "21786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21786"
},
{
"name": "IY89178",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89178"
},
{
"name": "SUSE-SR:2006:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name": "APPLE-SA-2007-05-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "25402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25402"
},
{
"name": "MDKSA-2006:163",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:163"
},
{
"name": "https://issues.rpath.com/browse/RPL-626",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-626"
},
{
"name": "21818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21818"
},
{
"name": "USN-343-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-343-1"
},
{
"name": "21838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21838"
},
{
"name": "22298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22298"
},
{
"name": "19859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19859"
},
{
"name": "21816",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21816"
},
{
"name": "IY89169",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY89169"
},
{
"name": "SSRT061213",
"refsource": "HP",
"url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
},
{
"name": "21912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21912"
},
{
"name": "21926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21926"
},
{
"name": "21790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21790"
},
{
"name": "[3.9] 20060908 010: SECURITY FIX: September 8, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html"
},
{
"name": "ADV-2006-3511",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3511"
},
{
"name": "oval:org.mitre.oval:def:9623",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9623"
},
{
"name": "SSA:2006-257-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.481241"
},
{
"name": "SSRT061239",
"refsource": "HP",
"url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
},
{
"name": "ADV-2006-3473",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3473"
},
{
"name": "VU#697164",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/697164"
},
{
"name": "DSA-1172",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1172"
},
{
"name": "ADV-2007-1401",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1401"
},
{
"name": "bind-recursive-insist-dos(28744)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28744"
},
{
"name": "21828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21828"
},
{
"name": "HPSBTU02207",
"refsource": "HP",
"url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144"
},
{
"name": "21752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21752"
},
{
"name": "1016794",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016794"
},
{
"name": "24950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24950"
},
{
"name": "GLSA-200609-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-11.xml"
}
]
}
}

560
2006/4xxx/CVE-2006-4189.json
View File

@ -1,282 +1,282 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4189",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "21182",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21182"
},
{
"name" : "ADV-2006-3346",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3346"
},
{
"name" : "28473",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28473"
},
{
"name" : "28474",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28474"
},
{
"name" : "28478",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28478"
},
{
"name" : "28479",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28479"
},
{
"name" : "28492",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28492"
},
{
"name" : "28496",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28496"
},
{
"name" : "28501",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28501"
},
{
"name" : "28502",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28502"
},
{
"name" : "28503",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28503"
},
{
"name" : "28504",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28504"
},
{
"name" : "28510",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28510"
},
{
"name" : "28485",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28485"
},
{
"name" : "28493",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28493"
},
{
"name" : "28498",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28498"
},
{
"name" : "28499",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28499"
},
{
"name" : "28500",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28500"
},
{
"name" : "28505",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28505"
},
{
"name" : "28506",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28506"
},
{
"name" : "28507",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28507"
},
{
"name" : "28508",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28508"
},
{
"name" : "28509",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28509"
},
{
"name" : "28511",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28511"
},
{
"name" : "28512",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28512"
},
{
"name" : "28513",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28513"
},
{
"name" : "28514",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28514"
},
{
"name" : "28515",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28515"
},
{
"name" : "28516",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28516"
},
{
"name" : "28517",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28517"
},
{
"name" : "28519",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28519"
},
{
"name" : "28520",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28520"
},
{
"name" : "28521",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28521"
},
{
"name" : "28522",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28522"
},
{
"name" : "28523",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28523"
},
{
"name" : "28524",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28524"
},
{
"name" : "28525",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28525"
},
{
"name" : "28526",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28526"
},
{
"name" : "28527",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28527"
},
{
"name" : "28528",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28528"
},
{
"name" : "28529",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28529"
},
{
"name" : "28530",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28530"
},
{
"name" : "1016692",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016692"
},
{
"name" : "21535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21535"
},
{
"name" : "dolphin-dirinc-file-include(28363)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28363"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016692",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016692"
},
{
"name": "28501",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28501"
},
{
"name": "28492",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28492"
},
{
"name": "21182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21182"
},
{
"name": "28527",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28527"
},
{
"name": "28525",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28525"
},
{
"name": "28517",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28517"
},
{
"name": "28499",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28499"
},
{
"name": "28526",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28526"
},
{
"name": "28502",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28502"
},
{
"name": "28515",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28515"
},
{
"name": "28511",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28511"
},
{
"name": "28521",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28521"
},
{
"name": "28479",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28479"
},
{
"name": "28516",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28516"
},
{
"name": "28508",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28508"
},
{
"name": "28507",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28507"
},
{
"name": "28504",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28504"
},
{
"name": "28510",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28510"
},
{
"name": "28514",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28514"
},
{
"name": "28522",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28522"
},
{
"name": "28505",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28505"
},
{
"name": "28529",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28529"
},
{
"name": "28500",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28500"
},
{
"name": "28478",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28478"
},
{
"name": "28509",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28509"
},
{
"name": "28485",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28485"
},
{
"name": "28512",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28512"
},
{
"name": "28528",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28528"
},
{
"name": "28513",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28513"
},
{
"name": "21535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21535"
},
{
"name": "28498",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28498"
},
{
"name": "28493",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28493"
},
{
"name": "28523",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28523"
},
{
"name": "28503",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28503"
},
{
"name": "ADV-2006-3346",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3346"
},
{
"name": "dolphin-dirinc-file-include(28363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28363"
},
{
"name": "28496",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28496"
},
{
"name": "28473",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28473"
},
{
"name": "28506",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28506"
},
{
"name": "28524",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28524"
},
{
"name": "28520",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28520"
},
{
"name": "28530",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28530"
},
{
"name": "28519",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28519"
},
{
"name": "28474",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28474"
}
]
}
}

150
2006/4xxx/CVE-2006-4315.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under \"Program Files\" or its subdirectories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ssh.com/company/news/2006/english/security/article/775/",
"refsource" : "CONFIRM",
"url" : "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"name" : "19679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19679"
},
{
"name" : "1016743",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016743"
},
{
"name" : "ssh-tectia-pathname-privilege-escalation(28566)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under \"Program Files\" or its subdirectories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19679"
},
{
"name": "1016743",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016743"
},
{
"name": "http://www.ssh.com/company/news/2006/english/security/article/775/",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/company/news/2006/english/security/article/775/"
},
{
"name": "ssh-tectia-pathname-privilege-escalation(28566)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28566"
}
]
}
}

180
2006/4xxx/CVE-2006-4693.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-4693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02161",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name" : "SSRT061264",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name" : "MS06-060",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060"
},
{
"name" : "20387",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20387"
},
{
"name" : "ADV-2006-3979",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3979"
},
{
"name" : "29442",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29442"
},
{
"name" : "1017032",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017032",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017032"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3979",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3979"
},
{
"name": "29442",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29442"
},
{
"name": "MS06-060",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060"
},
{
"name": "20387",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20387"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
}
]
}
}

150
2006/6xxx/CVE-2006-6300.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061201 CuteNews 1.3.6 XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453314/100/0/threaded"
},
{
"name" : "21403",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21403"
},
{
"name" : "1969",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1969"
},
{
"name" : "cutenews-result-xss(30660)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1969",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1969"
},
{
"name": "21403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21403"
},
{
"name": "cutenews-result-xss(30660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30660"
},
{
"name": "20061201 CuteNews 1.3.6 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453314/100/0/threaded"
}
]
}
}

150
2006/6xxx/CVE-2006-6601.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6601",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061215 Windows Media MID File Denial Of Service Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454505/100/0/threaded"
},
{
"name" : "20061215 Media .MID file DoS extra info",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-December/001182.html"
},
{
"name" : "21612",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21612"
},
{
"name" : "ADV-2006-5039",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061215 Windows Media MID File Denial Of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454505/100/0/threaded"
},
{
"name": "ADV-2006-5039",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5039"
},
{
"name": "20061215 Media .MID file DoS extra info",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-December/001182.html"
},
{
"name": "21612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21612"
}
]
}
}

170
2006/6xxx/CVE-2006-6762.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single \"(\" (parenthesis) in the argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061223 Novell Netmail IMAP append Denial of Service Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=455"
},
{
"name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html",
"refsource" : "CONFIRM",
"url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html"
},
{
"name" : "VU#944273",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/944273"
},
{
"name" : "21729",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21729"
},
{
"name" : "ADV-2006-5134",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5134"
},
{
"name" : "23437",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23437"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single \"(\" (parenthesis) in the argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061223 Novell Netmail IMAP append Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=455"
},
{
"name": "21729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21729"
},
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/328/3717068_f.SAL_Public.html"
},
{
"name": "VU#944273",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/944273"
},
{
"name": "ADV-2006-5134",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5134"
},
{
"name": "23437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23437"
}
]
}
}

170
2006/6xxx/CVE-2006-6865.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for \"..\" sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061230 SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455549/100/0/threaded"
},
{
"name" : "http://ingehenriksen.blogspot.com/2006/12/softartisans-fileup-viewsrcasp-remote.html",
"refsource" : "MISC",
"url" : "http://ingehenriksen.blogspot.com/2006/12/softartisans-fileup-viewsrcasp-remote.html"
},
{
"name" : "3046",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3046"
},
{
"name" : "21821",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21821"
},
{
"name" : "ADV-2007-0014",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0014"
},
{
"name" : "2094",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2094"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for \"..\" sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21821"
},
{
"name": "3046",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3046"
},
{
"name": "20061230 SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455549/100/0/threaded"
},
{
"name": "ADV-2007-0014",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0014"
},
{
"name": "http://ingehenriksen.blogspot.com/2006/12/softartisans-fileup-viewsrcasp-remote.html",
"refsource": "MISC",
"url": "http://ingehenriksen.blogspot.com/2006/12/softartisans-fileup-viewsrcasp-remote.html"
},
{
"name": "2094",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2094"
}
]
}
}

160
2010/2xxx/CVE-2010-2291.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2291",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wiki.snom.com/Firmware/V8/Release_Notes/8.2.35",
"refsource" : "CONFIRM",
"url" : "http://wiki.snom.com/Firmware/V8/Release_Notes/8.2.35"
},
{
"name" : "40771",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40771"
},
{
"name" : "65383",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65383"
},
{
"name" : "37635",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37635"
},
{
"name" : "snorm-interface-security-bypass(59342)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59342"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65383",
"refsource": "OSVDB",
"url": "http://osvdb.org/65383"
},
{
"name": "snorm-interface-security-bypass(59342)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59342"
},
{
"name": "40771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40771"
},
{
"name": "37635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37635"
},
{
"name": "http://wiki.snom.com/Firmware/V8/Release_Notes/8.2.35",
"refsource": "CONFIRM",
"url": "http://wiki.snom.com/Firmware/V8/Release_Notes/8.2.35"
}
]
}
}

150
2010/2xxx/CVE-2010-2299.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2299",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a \"Type Confusion\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=43307",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=43307"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html"
},
{
"name" : "oval:org.mitre.oval:def:12099",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12099"
},
{
"name" : "40072",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a \"Type Confusion\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12099",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12099"
},
{
"name": "40072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40072"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=43307",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=43307"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html"
}
]
}
}

150
2010/2xxx/CVE-2010-2863.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2863",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name" : "oval:org.mitre.oval:def:11522",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11522"
},
{
"name" : "1024361",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024361"
},
{
"name" : "ADV-2010-2176",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11522",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11522"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}

300
2010/2xxx/CVE-2010-2883.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2883",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html",
"refsource" : "MISC",
"url" : "http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html"
},
{
"name" : "http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx",
"refsource" : "MISC",
"url" : "http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx"
},
{
"name" : "http://www.adobe.com/support/security/advisories/apsa10-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/advisories/apsa10-02.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name" : "GLSA-201101-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name" : "RHSA-2010:0743",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name" : "SUSE-SA:2010:048",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "TLSA-2011-2",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt"
},
{
"name" : "TA10-279A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name" : "VU#491991",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/491991"
},
{
"name" : "43057",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43057"
},
{
"name" : "oval:org.mitre.oval:def:11586",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586"
},
{
"name" : "41340",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41340"
},
{
"name" : "43025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43025"
},
{
"name" : "ADV-2010-2331",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2331"
},
{
"name" : "ADV-2011-0191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name" : "ADV-2011-0344",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0344"
},
{
"name" : "adobe-reader-cooltype-code-execution(61635)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61635"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2010:048",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name": "ADV-2011-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "oval:org.mitre.oval:def:11586",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa10-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa10-02.html"
},
{
"name": "43025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43025"
},
{
"name": "ADV-2011-0344",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0344"
},
{
"name": "GLSA-201101-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "ADV-2010-2331",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2331"
},
{
"name": "VU#491991",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/491991"
},
{
"name": "RHSA-2010:0743",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name": "TA10-279A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name": "41340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41340"
},
{
"name": "http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx",
"refsource": "MISC",
"url": "http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx"
},
{
"name": "adobe-reader-cooltype-code-execution(61635)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61635"
},
{
"name": "http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html",
"refsource": "MISC",
"url": "http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html"
},
{
"name": "43057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43057"
},
{
"name": "TLSA-2011-2",
"refsource": "TURBO",
"url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
}
]
}
}

190
2011/0xxx/CVE-2011-0051.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-02.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=616659",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=616659"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100128655",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100128655"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100133195",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100133195"
},
{
"name" : "MDVSA-2011:041",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041"
},
{
"name" : "RHSA-2011:0312",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0312.html"
},
{
"name" : "RHSA-2011:0313",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0313.html"
},
{
"name" : "oval:org.mitre.oval:def:14211",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.avaya.com/css/P8/documents/100133195",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100133195"
},
{
"name": "RHSA-2011:0313",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0313.html"
},
{
"name": "oval:org.mitre.oval:def:14211",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211"
},
{
"name": "MDVSA-2011:041",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041"
},
{
"name": "RHSA-2011:0312",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0312.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100128655",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100128655"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-02.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-02.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=616659",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=616659"
}
]
}
}

150
2011/0xxx/CVE-2011-0625.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0625",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html"
},
{
"name" : "SUSE-SA:2011:025",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html"
},
{
"name" : "oval:org.mitre.oval:def:14077",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077"
},
{
"name" : "oval:org.mitre.oval:def:16076",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14077",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14077"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html"
},
{
"name": "SUSE-SA:2011:025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html"
},
{
"name": "oval:org.mitre.oval:def:16076",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16076"
}
]
}
}

170
2011/0xxx/CVE-2011-0650.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[openvas-commits] 20110203 r10151 - in trunk/gsa: . src src/html",
"refsource" : "MLIST",
"url" : "https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010206.html"
},
{
"name" : "[openvas-commits] 20110203 r10187 - trunk/gsa",
"refsource" : "MLIST",
"url" : "https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010242.html"
},
{
"name" : "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515971/100/0/threaded"
},
{
"name" : "http://www.openvas.org/OVSA20110118.html",
"refsource" : "CONFIRM",
"url" : "http://www.openvas.org/OVSA20110118.html"
},
{
"name" : "43092",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43092"
},
{
"name" : "greenbone-unspecifed-csrf(65012)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515971/100/0/threaded"
},
{
"name": "43092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43092"
},
{
"name": "http://www.openvas.org/OVSA20110118.html",
"refsource": "CONFIRM",
"url": "http://www.openvas.org/OVSA20110118.html"
},
{
"name": "greenbone-unspecifed-csrf(65012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65012"
},
{
"name": "[openvas-commits] 20110203 r10151 - in trunk/gsa: . src src/html",
"refsource": "MLIST",
"url": "https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010206.html"
},
{
"name": "[openvas-commits] 20110203 r10187 - trunk/gsa",
"refsource": "MLIST",
"url": "https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010242.html"
}
]
}
}

200
2011/1xxx/CVE-2011-1179.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1179",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/attachment.cgi?id=487006&action=diff",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/attachment.cgi?id=487006&action=diff"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=689931",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=689931"
},
{
"name" : "RHSA-2011:0426",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0426.html"
},
{
"name" : "RHSA-2011:0427",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0427.html"
},
{
"name" : "47269",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47269"
},
{
"name" : "1025304",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025304"
},
{
"name" : "44060",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44060"
},
{
"name" : "ADV-2011-0899",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0899"
},
{
"name" : "spicexpi-pointer-privilege-escalation(66777)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66777"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025304"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=487006&action=diff",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=487006&action=diff"
},
{
"name": "RHSA-2011:0426",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0426.html"
},
{
"name": "RHSA-2011:0427",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0427.html"
},
{
"name": "spicexpi-pointer-privilege-escalation(66777)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66777"
},
{
"name": "ADV-2011-0899",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0899"
},
{
"name": "44060",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44060"
},
{
"name": "47269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47269"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=689931",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689931"
}
]
}
}

210
2011/1xxx/CVE-2011-1241.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100133352",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name" : "MS11-034",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "47218",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47218"
},
{
"name" : "71756",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71756"
},
{
"name" : "oval:org.mitre.oval:def:12540",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12540"
},
{
"name" : "1025345",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025345"
},
{
"name" : "44156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44156"
},
{
"name" : "ADV-2011-0952",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0952"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12540",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12540"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "MS11-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name": "47218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47218"
},
{
"name": "71756",
"refsource": "OSVDB",
"url": "http://osvdb.org/71756"
},
{
"name": "ADV-2011-0952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name": "http://support.avaya.com/css/P8/documents/100133352",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name": "44156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44156"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name": "1025345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025345"
}
]
}
}

34
2011/1xxx/CVE-2011-1802.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1802",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1802",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2011/4xxx/CVE-2011-4072.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4072",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4072",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

34
2011/4xxx/CVE-2011-4467.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4467",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4467",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2011/4xxx/CVE-2011-4970.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, or (17) dpm_list_pfr_entry function; the (18) surl variable in the dpm_get_cpr_by_surl function; the (19) to_surl variable in the dpm_get_cpr_by_surls function; the (20) u_token variable in the dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry, or (25) dpm_insert_xferreq_entry function; the (26) s_token variable in the dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, or (33) dpm_update_pfr_entry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry, or (39) dpm_update_spcmd_entry function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130310 Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/03/10/1"
},
{
"name" : "[oss-security] 20130311 Re: Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/03/12/1"
},
{
"name" : "http://blog.pi3.com.pl/?p=402",
"refsource" : "MISC",
"url" : "http://blog.pi3.com.pl/?p=402"
},
{
"name" : "http://site.pi3.com.pl/adv/disk_pool_manager_1.txt",
"refsource" : "MISC",
"url" : "http://site.pi3.com.pl/adv/disk_pool_manager_1.txt"
},
{
"name" : "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-2683",
"refsource" : "CONFIRM",
"url" : "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-2683"
},
{
"name" : "52487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/52487"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, or (17) dpm_list_pfr_entry function; the (18) surl variable in the dpm_get_cpr_by_surl function; the (19) to_surl variable in the dpm_get_cpr_by_surls function; the (20) u_token variable in the dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry, or (25) dpm_insert_xferreq_entry function; the (26) s_token variable in the dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, or (33) dpm_update_pfr_entry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry, or (39) dpm_update_spcmd_entry function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://site.pi3.com.pl/adv/disk_pool_manager_1.txt",
"refsource": "MISC",
"url": "http://site.pi3.com.pl/adv/disk_pool_manager_1.txt"
},
{
"name": "[oss-security] 20130311 Re: Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/1"
},
{
"name": "[oss-security] 20130310 Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/10/1"
},
{
"name": "52487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52487"
},
{
"name": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-2683",
"refsource": "CONFIRM",
"url": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-2683"
},
{
"name": "http://blog.pi3.com.pl/?p=402",
"refsource": "MISC",
"url": "http://blog.pi3.com.pl/?p=402"
}
]
}
}

150
2011/5xxx/CVE-2011-5253.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by supplying an authorization header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.thregr.org/~wavexx/software/dl/NEWS.html",
"refsource" : "CONFIRM",
"url" : "http://www.thregr.org/~wavexx/software/dl/NEWS.html"
},
{
"name" : "51347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51347"
},
{
"name" : "47466",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47466"
},
{
"name" : "dl-download-security-bypass(72252)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72252"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by supplying an authorization header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dl-download-security-bypass(72252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72252"
},
{
"name": "47466",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47466"
},
{
"name": "http://www.thregr.org/~wavexx/software/dl/NEWS.html",
"refsource": "CONFIRM",
"url": "http://www.thregr.org/~wavexx/software/dl/NEWS.html"
},
{
"name": "51347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51347"
}
]
}
}

34
2011/5xxx/CVE-2011-5266.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5266",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5266",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/2xxx/CVE-2014-2319.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://int21.de/cve/CVE-2014-2319-powerarchiver.html",
"refsource" : "MISC",
"url" : "http://int21.de/cve/CVE-2014-2319-powerarchiver.html"
},
{
"name" : "http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/",
"refsource" : "CONFIRM",
"url" : "http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://int21.de/cve/CVE-2014-2319-powerarchiver.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2014-2319-powerarchiver.html"
},
{
"name": "http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/",
"refsource": "CONFIRM",
"url": "http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/"
}
]
}
}

34
2014/2xxx/CVE-2014-2387.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2387",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2387",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/2xxx/CVE-2014-2912.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2912",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2912",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/3xxx/CVE-2014-3201.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html"
},
{
"name" : "https://crbug.com/406593",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/406593"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=182021&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=182021&view=revision"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=182021&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=182021&view=revision"
},
{
"name": "https://crbug.com/406593",
"refsource": "CONFIRM",
"url": "https://crbug.com/406593"
}
]
}
}

160
2014/3xxx/CVE-2014-3242.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140506 CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/May/20"
},
{
"name" : "[oss-security] 20140506 CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/06/1"
},
{
"name" : "[oss-security] 20140506 Re: CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/06/9"
},
{
"name" : "http://www.pnigos.com/?p=260",
"refsource" : "MISC",
"url" : "http://www.pnigos.com/?p=260"
},
{
"name" : "67216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140506 CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/20"
},
{
"name": "[oss-security] 20140506 CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/06/1"
},
{
"name": "http://www.pnigos.com/?p=260",
"refsource": "MISC",
"url": "http://www.pnigos.com/?p=260"
},
{
"name": "67216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67216"
},
{
"name": "[oss-security] 20140506 Re: CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/06/9"
}
]
}
}

160
2014/3xxx/CVE-2014-3422.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html"
},
{
"name" : "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/05/07/7"
},
{
"name" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
"refsource" : "CONFIRM",
"url" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0250.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0250.html"
},
{
"name" : "MDVSA-2015:117",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/05/07/7"
},
{
"name": "MDVSA-2015:117",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0250.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0250.html"
},
{
"name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
"refsource": "CONFIRM",
"url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"
},
{
"name": "[emacs-diffs] 20140506 emacs-24 r117067: find-gc.el misc fixes",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html"
}
]
}
}

140
2014/6xxx/CVE-2014-6221.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6221",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698893",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"name" : "73915",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73915"
},
{
"name" : "1032026",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032026"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698893"
},
{
"name": "73915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73915"
},
{
"name": "1032026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032026"
}
]
}
}

34
2014/6xxx/CVE-2014-6634.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6634",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6634",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/6xxx/CVE-2014-6921.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Buckhorn Grill (aka com.orderingapps.buckhorn) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#373849",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/373849"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Buckhorn Grill (aka com.orderingapps.buckhorn) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#373849",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/373849"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6949.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#173121",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/173121"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#173121",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/173121"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

120
2014/7xxx/CVE-2014-7153.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/128118/WordPress-Huge-IT-Image-Gallery-1.0.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128118/WordPress-Huge-IT-Image-Gallery-1.0.0-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128118/WordPress-Huge-IT-Image-Gallery-1.0.0-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128118/WordPress-Huge-IT-Image-Gallery-1.0.0-SQL-Injection.html"
}
]
}
}

140
2014/7xxx/CVE-2014-7631.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7631",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Villa Antonia (aka com.appbuilder.u7p5019) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#242641",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/242641"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Villa Antonia (aka com.appbuilder.u7p5019) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#242641",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/242641"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7672.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7672",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7672",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

480
2016/2xxx/CVE-2016-2112.json
View File

@ -1,242 +1,242 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2112",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://badlock.org/",
"refsource" : "MISC",
"url" : "http://badlock.org/"
},
{
"name" : "https://www.samba.org/samba/security/CVE-2016-2112.html",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/security/CVE-2016-2112.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821"
},
{
"name" : "https://www.samba.org/samba/history/samba-4.2.10.html",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/history/samba-4.2.10.html"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa122",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa122"
},
{
"name" : "https://www.samba.org/samba/latest_news.html#4.4.2",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/latest_news.html#4.4.2"
},
{
"name" : "DSA-3548",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3548"
},
{
"name" : "FEDORA-2016-383fce04e2",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html"
},
{
"name" : "FEDORA-2016-48b3761baa",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html"
},
{
"name" : "FEDORA-2016-be53260726",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html"
},
{
"name" : "GLSA-201612-47",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-47"
},
{
"name" : "RHSA-2016:0611",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0611.html"
},
{
"name" : "RHSA-2016:0613",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0613.html"
},
{
"name" : "RHSA-2016:0614",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0614.html"
},
{
"name" : "RHSA-2016:0618",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0618.html"
},
{
"name" : "RHSA-2016:0619",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0619.html"
},
{
"name" : "RHSA-2016:0620",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0620.html"
},
{
"name" : "RHSA-2016:0624",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0624.html"
},
{
"name" : "RHSA-2016:0612",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0612.html"
},
{
"name" : "SSA:2016-106-02",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012"
},
{
"name" : "SUSE-SU-2016:1022",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html"
},
{
"name" : "SUSE-SU-2016:1023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html"
},
{
"name" : "SUSE-SU-2016:1024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html"
},
{
"name" : "SUSE-SU-2016:1028",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html"
},
{
"name" : "openSUSE-SU-2016:1025",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html"
},
{
"name" : "openSUSE-SU-2016:1064",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"
},
{
"name" : "openSUSE-SU-2016:1106",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"
},
{
"name" : "openSUSE-SU-2016:1107",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"
},
{
"name" : "USN-2950-5",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2950-5"
},
{
"name" : "USN-2950-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2950-3"
},
{
"name" : "USN-2950-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2950-4"
},
{
"name" : "USN-2950-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2950-1"
},
{
"name" : "USN-2950-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2950-2"
},
{
"name" : "1035533",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035533"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSA:2016-106-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012"
},
{
"name": "SUSE-SU-2016:1022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html"
},
{
"name": "RHSA-2016:0612",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0612.html"
},
{
"name": "USN-2950-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2950-1"
},
{
"name": "SUSE-SU-2016:1028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html"
},
{
"name": "RHSA-2016:0613",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0613.html"
},
{
"name": "http://badlock.org/",
"refsource": "MISC",
"url": "http://badlock.org/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "openSUSE-SU-2016:1064",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"
},
{
"name": "USN-2950-5",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2950-5"
},
{
"name": "https://www.samba.org/samba/history/samba-4.2.10.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/history/samba-4.2.10.html"
},
{
"name": "FEDORA-2016-be53260726",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html"
},
{
"name": "RHSA-2016:0624",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0624.html"
},
{
"name": "RHSA-2016:0618",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0618.html"
},
{
"name": "https://www.samba.org/samba/security/CVE-2016-2112.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2016-2112.html"
},
{
"name": "SUSE-SU-2016:1024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html"
},
{
"name": "SUSE-SU-2016:1023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html"
},
{
"name": "https://www.samba.org/samba/latest_news.html#4.4.2",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/latest_news.html#4.4.2"
},
{
"name": "1035533",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035533"
},
{
"name": "FEDORA-2016-48b3761baa",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html"
},
{
"name": "RHSA-2016:0614",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0614.html"
},
{
"name": "openSUSE-SU-2016:1025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html"
},
{
"name": "RHSA-2016:0620",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0620.html"
},
{
"name": "RHSA-2016:0611",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0611.html"
},
{
"name": "openSUSE-SU-2016:1106",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa122",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa122"
},
{
"name": "USN-2950-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2950-3"
},
{
"name": "FEDORA-2016-383fce04e2",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html"
},
{
"name": "openSUSE-SU-2016:1107",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"
},
{
"name": "RHSA-2016:0619",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0619.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05087821"
},
{
"name": "GLSA-201612-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-47"
},
{
"name": "DSA-3548",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3548"
},
{
"name": "USN-2950-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2950-2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399"
},
{
"name": "USN-2950-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2950-4"
}
]
}
}

34
2016/2xxx/CVE-2016-2682.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2682",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2682",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

172
2017/0xxx/CVE-2017-0602.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "4.4.4"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "5.1.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "4.4.4"
},
{
"version_value": "5.0.2"
},
{
"version_value": "5.1.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98141",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98141"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98141"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
}
]
}
}

34
2017/0xxx/CVE-2017-0976.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0976",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0976",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/0xxx/CVE-2017-0988.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0988",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0988",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/18xxx/CVE-2017-18122.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180209 [SECURITY] [DLA 1273-1] simplesamlphp security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html"
},
{
"name" : "https://simplesamlphp.org/security/201710-01",
"refsource" : "CONFIRM",
"url" : "https://simplesamlphp.org/security/201710-01"
},
{
"name" : "DSA-4127",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4127"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180209 [SECURITY] [DLA 1273-1] simplesamlphp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html"
},
{
"name": "DSA-4127",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4127"
},
{
"name": "https://simplesamlphp.org/security/201710-01",
"refsource": "CONFIRM",
"url": "https://simplesamlphp.org/security/201710-01"
}
]
}
}

190
2017/18xxx/CVE-2017-18191.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://openwall.com/lists/oss-security/2018/04/20/3",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2018/04/20/3"
},
{
"name" : "https://launchpad.net/bugs/1739593",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/bugs/1739593"
},
{
"name" : "https://review.openstack.org/539893",
"refsource" : "CONFIRM",
"url" : "https://review.openstack.org/539893"
},
{
"name" : "https://security.openstack.org/ossa/OSSA-2018-001.html",
"refsource" : "CONFIRM",
"url" : "https://security.openstack.org/ossa/OSSA-2018-001.html"
},
{
"name" : "RHSA-2018:2332",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2332"
},
{
"name" : "RHSA-2018:2714",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2714"
},
{
"name" : "RHSA-2018:2855",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2855"
},
{
"name" : "103104",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103104"
},
{
"name": "RHSA-2018:2714",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2714"
},
{
"name": "https://review.openstack.org/539893",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/539893"
},
{
"name": "http://openwall.com/lists/oss-security/2018/04/20/3",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2018/04/20/3"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2018-001.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2018-001.html"
},
{
"name": "RHSA-2018:2332",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2332"
},
{
"name": "https://launchpad.net/bugs/1739593",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1739593"
},
{
"name": "RHSA-2018:2855",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2855"
}
]
}
}

34
2017/18xxx/CVE-2017-18340.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18340",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18340",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2017/1xxx/CVE-2017-1083.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secteam@freebsd.org",
"DATE_PUBLIC" : "2017-06-19T00:00:00",
"ID" : "CVE-2017-1083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FreeBSD",
"version" : {
"version_data" : [
{
"version_value" : "before 11.2-RELEASE"
}
]
}
}
]
},
"vendor_name" : "FreeBSD"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Userspace stack overflow"
}
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-1083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "before 11.2-RELEASE"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"refsource" : "MISC",
"url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Userspace stack overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
}
]
}
}

182
2017/1xxx/CVE-2017-1245.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-20T00:00:00",
"ID" : "CVE-2017-1245",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Rhapsody Design Manager",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
}
]
}
},
{
"product_name" : "Rational Rhapsody Design Manager ",
"version" : {
"version_data" : [
{
"version_value" : "5.0.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124580."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-20T00:00:00",
"ID": "CVE-2017-1245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
}
]
}
},
{
"product_name": "Rational Rhapsody Design Manager ",
"version": {
"version_data": [
{
"version_value": "5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124580",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124580"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006052",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006052"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124580."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006052",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124580",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124580"
}
]
}
}

34
2017/1xxx/CVE-2017-1511.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1511",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1511",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

156
2017/1xxx/CVE-2017-1595.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-12-18T00:00:00",
"ID" : "CVE-2017-1595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
"version_value" : "10.0"
},
{
"version_value" : "10.0.1"
},
{
"version_value" : "10.1"
},
{
"version_value" : "10.1.2"
},
{
"version_value" : "10.1.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-18T00:00:00",
"ID": "CVE-2017-1595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Guardium",
"version": {
"version_data": [
{
"version_value": "10.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.1"
},
{
"version_value": "10.1.2"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132549",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132549"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22009629",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22009629",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22009629"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132549",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132549"
}
]
}
}

304
2017/5xxx/CVE-2017-5410.json
View File

@ -1,154 +1,154 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5410",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.8"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
},
{
"version_affected" : "<",
"version_value" : "45.8"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory corruption during JavaScript garbage collection incremental sweeping"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.8"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
},
{
"version_affected": "<",
"version_value": "45.8"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1330687",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1330687"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-06/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-06/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-07/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-07/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name" : "DSA-3805",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3805"
},
{
"name" : "DSA-3832",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3832"
},
{
"name" : "GLSA-201705-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-06"
},
{
"name" : "GLSA-201705-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-07"
},
{
"name" : "RHSA-2017:0459",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0459.html"
},
{
"name" : "RHSA-2017:0461",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0461.html"
},
{
"name" : "RHSA-2017:0498",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0498.html"
},
{
"name" : "96693",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96693"
},
{
"name" : "1037966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory corruption during JavaScript garbage collection incremental sweeping"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96693"
},
{
"name": "RHSA-2017:0459",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name": "DSA-3832",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-07/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-07/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1330687",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1330687"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name": "1037966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037966"
},
{
"name": "GLSA-201705-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-06"
},
{
"name": "RHSA-2017:0461",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html"
},
{
"name": "DSA-3805",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3805"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-06/"
},
{
"name": "RHSA-2017:0498",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html"
},
{
"name": "GLSA-201705-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-07"
}
]
}
}

34
2017/5xxx/CVE-2017-5523.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5523",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5523",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2017/5xxx/CVE-2017-5612.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-5612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170128 Re: CVE Request: Wordpress: 4.7.2 security release: unauthorized bypass, SQL injection, cross-site scripting issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/28/5"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8731",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8731"
},
{
"name" : "https://codex.wordpress.org/Version_4.7.2",
"refsource" : "CONFIRM",
"url" : "https://codex.wordpress.org/Version_4.7.2"
},
{
"name" : "https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849",
"refsource" : "CONFIRM",
"url" : "https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849"
},
{
"name" : "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/"
},
{
"name" : "DSA-3779",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3779"
},
{
"name" : "95816",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95816"
},
{
"name" : "1037731",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037731"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codex.wordpress.org/Version_4.7.2",
"refsource": "CONFIRM",
"url": "https://codex.wordpress.org/Version_4.7.2"
},
{
"name": "95816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95816"
},
{
"name": "DSA-3779",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3779"
},
{
"name": "https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849"
},
{
"name": "[oss-security] 20170128 Re: CVE Request: Wordpress: 4.7.2 security release: unauthorized bypass, SQL injection, cross-site scripting issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/28/5"
},
{
"name": "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8731",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8731"
},
{
"name": "1037731",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037731"
}
]
}
}

150
2017/5xxx/CVE-2017-5634.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended \"Please select booking identification\" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugemot.com/bug/190",
"refsource" : "MISC",
"url" : "https://bugemot.com/bug/190"
},
{
"name" : "https://www.youtube.com/watch?v=2j9gP5Qu2WA",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=2j9gP5Qu2WA"
},
{
"name" : "https://www.youtube.com/watch?v=WSQW0ipnXQg",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=WSQW0ipnXQg"
},
{
"name" : "96230",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96230"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended \"Please select booking identification\" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.youtube.com/watch?v=2j9gP5Qu2WA",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=2j9gP5Qu2WA"
},
{
"name": "96230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96230"
},
{
"name": "https://www.youtube.com/watch?v=WSQW0ipnXQg",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=WSQW0ipnXQg"
},
{
"name": "https://bugemot.com/bug/190",
"refsource": "MISC",
"url": "https://bugemot.com/bug/190"
}
]
}
}

34
2017/5xxx/CVE-2017-5861.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5861",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5861",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}