admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:34:39 +00:00
parent a5acd57c0f
commit 36eb7d1d8a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
62 changed files with 4445 additions and 4445 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2001/0xxx/CVE-2001-0652.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0652", "ID": "CVE-2001-0652",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010810 NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=99745571104126&w=2" "lang": "eng",
}, "value": "Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable."
{ }
"name" : "solaris-xlock-bo(6967)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6967" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3160", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3160" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:10", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:131", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A131" "name": "3160",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/3160"
} },
} {
"name": "solaris-xlock-bo(6967)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6967"
},
{
"name": "oval:org.mitre.oval:def:10",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10"
},
{
"name": "20010810 NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=99745571104126&w=2"
},
{
"name": "oval:org.mitre.oval:def:131",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A131"
}
]
}
}

210
2001/0xxx/CVE-2001-0727.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0727", "ID": "CVE-2001-0727",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the \"File Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011214 MSIE may download and run progams automatically", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=100835204509262&w=2" "lang": "eng",
}, "value": "Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the \"File Execution Vulnerability.\""
{ }
"name" : "20011216 Re: MSIE may download and run progams automatically - NOT SO FAST", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=100861273114437&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS01-058", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-058" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CA-2001-36", ]
"refsource" : "CERT", }
"url" : "http://www.cert.org/advisories/CA-2001-36.html" ]
}, },
{ "references": {
"name" : "VU#443699", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/443699" "name": "CA-2001-36",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2001-36.html"
"name" : "M-027", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/m-027.shtml" "name": "20011214 MSIE may download and run progams automatically",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=100835204509262&w=2"
"name" : "3578", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3578" "name": "oval:org.mitre.oval:def:921",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A921"
"name" : "3033", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3033" "name": "ie-file-download-execution(7703)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7703"
"name" : "oval:org.mitre.oval:def:921", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A921" "name": "3033",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/3033"
"name" : "ie-file-download-execution(7703)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7703" "name": "M-027",
} "refsource": "CIAC",
] "url": "http://www.ciac.org/ciac/bulletins/m-027.shtml"
} },
} {
"name": "VU#443699",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/443699"
},
{
"name": "3578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3578"
},
{
"name": "20011216 Re: MSIE may download and run progams automatically - NOT SO FAST",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=100861273114437&w=2"
},
{
"name": "MS01-058",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-058"
}
]
}
}

180
2001/1xxx/CVE-2001-1027.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1027", "ID": "CVE-2001-1027",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.windowmaker.org/src/ChangeLog", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.windowmaker.org/src/ChangeLog" "lang": "eng",
}, "value": "Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title."
{ }
"name" : "DSA-074", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2001/dsa-074" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CLA-2001:411", "description": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000411" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SuSE-SA:2001:032", ]
"refsource" : "SUSE", }
"url" : "http://www.novell.com/linux/security/advisories/2001_032_wmaker_txt.html" ]
}, },
{ "references": {
"name" : "MDKSA-2001:074", "reference_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-074.php3" "name": "http://www.windowmaker.org/src/ChangeLog",
}, "refsource": "CONFIRM",
{ "url": "http://www.windowmaker.org/src/ChangeLog"
"name" : "3177", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3177" "name": "SuSE-SA:2001:032",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2001_032_wmaker_txt.html"
"name" : "windowmaker-title-bo(6969)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6969" "name": "DSA-074",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2001/dsa-074"
} },
} {
"name": "3177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3177"
},
{
"name": "CLA-2001:411",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000411"
},
{
"name": "windowmaker-title-bo(6969)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6969"
},
{
"name": "MDKSA-2001:074",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-074.php3"
}
]
}
}

160
2001/1xxx/CVE-2001-1078.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1078", "ID": "CVE-2001-1078",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010622 eXtremail Remote Format String ('s)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0291.html" "lang": "eng",
}, "value": "Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication."
{ }
"name" : "http://www.extremail.com/history.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://www.extremail.com/history.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.extremail.com/news.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.extremail.com/news.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "extremail-flog-format-string(6733)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6733" ]
}, },
{ "references": {
"name" : "2908", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2908" "name": "2908",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/2908"
} },
} {
"name": "20010622 eXtremail Remote Format String ('s)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0291.html"
},
{
"name": "http://www.extremail.com/news.htm",
"refsource": "CONFIRM",
"url": "http://www.extremail.com/news.htm"
},
{
"name": "extremail-flog-format-string(6733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6733"
},
{
"name": "http://www.extremail.com/history.htm",
"refsource": "CONFIRM",
"url": "http://www.extremail.com/history.htm"
}
]
}
}

180
2001/1xxx/CVE-2001-1316.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1316", "ID": "CVE-2001-1316",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#688960", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/688960" "lang": "eng",
}, "value": "Buffer overflows in Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
{ }
"name" : "CA-2001-18", ]
"refsource" : "CERT", },
"url" : "http://www.cert.org/advisories/CA-2001-18.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "L-116", "description": [
"refsource" : "CIAC", {
"url" : "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kb.cert.org/vuls/id/JPLA-4WESNA", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kb.cert.org/vuls/id/JPLA-4WESNA" ]
}, },
{ "references": {
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" "name": "3044",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/3044"
"name" : "teamware-ldap-protos-bo(6897)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6897" "name": "CA-2001-18",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2001-18.html"
"name" : "3044", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3044" "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/",
} "refsource": "MISC",
] "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
} },
} {
"name": "L-116",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
},
{
"name": "teamware-ldap-protos-bo(6897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6897"
},
{
"name": "http://www.kb.cert.org/vuls/id/JPLA-4WESNA",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JPLA-4WESNA"
},
{
"name": "VU#688960",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/688960"
}
]
}
}

150
2001/1xxx/CVE-2001-1497.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1497", "ID": "CVE-2001-1497",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011121 MS IE Password inputs", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/241323" "lang": "eng",
}, "value": "Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack."
{ }
"name" : "20011120 Re: MS IE Password inputs", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/241400" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3563", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3563" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ie-password-character-information(7592)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/7592.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "3563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3563"
},
{
"name": "20011120 Re: MS IE Password inputs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241400"
},
{
"name": "20011121 MS IE Password inputs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241323"
},
{
"name": "ie-password-character-information(7592)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7592.php"
}
]
}
}

200
2006/2xxx/CVE-2006-2119.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2119", "ID": "CVE-2006-2119",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://kurdishsecurity.blogspot.com/2006/04/artmedic-event-remote-file-include.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://kurdishsecurity.blogspot.com/2006/04/artmedic-event-remote-file-include.html" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter."
{ }
"name" : "20060428 [Kurdish Security #2] Artmedic Event Remote File Include Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/432397/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.lobnan.de/advisories/artmedic.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.lobnan.de/advisories/artmedic.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17736", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/17736" ]
}, },
{ "references": {
"name" : "ADV-2006-1588", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1588" "name": "http://www.lobnan.de/advisories/artmedic.txt",
}, "refsource": "MISC",
{ "url": "http://www.lobnan.de/advisories/artmedic.txt"
"name" : "25130", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25130" "name": "17736",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17736"
"name" : "19907", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19907" "name": "http://kurdishsecurity.blogspot.com/2006/04/artmedic-event-remote-file-include.html",
}, "refsource": "MISC",
{ "url": "http://kurdishsecurity.blogspot.com/2006/04/artmedic-event-remote-file-include.html"
"name" : "811", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/811" "name": "artmedic-event-index-file-include(26150)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26150"
"name" : "artmedic-event-index-file-include(26150)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26150" "name": "20060428 [Kurdish Security #2] Artmedic Event Remote File Include Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/432397/100/0/threaded"
} },
} {
"name": "25130",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25130"
},
{
"name": "19907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19907"
},
{
"name": "811",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/811"
},
{
"name": "ADV-2006-1588",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1588"
}
]
}
}

340
2006/2xxx/CVE-2006-2223.json
View File

@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2223", "ID": "CVE-2006-2223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060503 Quagga RIPD unauthenticated route table broadcast", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/432822/100/0/threaded" "lang": "eng",
}, "value": "RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE."
{ }
"name" : "20060503 Re: Quagga RIPD unauthenticated route injection", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/432823/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugzilla.quagga.net/show_bug.cgi?id=261", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugzilla.quagga.net/show_bug.cgi?id=261" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1059", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2006/dsa-1059" ]
}, },
{ "references": {
"name" : "GLSA-200605-15", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" "name": "SUSE-SR:2006:017",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html"
"name" : "RHSA-2006:0525", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0525.html" "name": "USN-284-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/284-1/"
"name" : "RHSA-2006:0533", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0533.html" "name": "quagga-ripv1-information-disclosure(26243)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243"
"name" : "20060602-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" "name": "20782",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20782"
"name" : "SUSE-SR:2006:017", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_17_sr.html" "name": "20138",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20138"
"name" : "USN-284-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/284-1/" "name": "20060503 Re: Quagga RIPD unauthenticated route injection",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded"
"name" : "17808", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17808" "name": "20421",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20421"
"name" : "25224", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25224" "name": "20060602-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"
"name" : "oval:org.mitre.oval:def:9985", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985" "name": "25224",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/25224"
"name" : "1016204", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016204" "name": "RHSA-2006:0525",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html"
"name" : "19910", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19910" "name": "20137",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20137"
"name" : "20137", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20137" "name": "http://bugzilla.quagga.net/show_bug.cgi?id=261",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261"
"name" : "20138", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20138" "name": "1016204",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016204"
"name" : "20221", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20221" "name": "19910",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19910"
"name" : "20420", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20420" "name": "oval:org.mitre.oval:def:9985",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985"
"name" : "20421", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20421" "name": "17808",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17808"
"name" : "20782", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20782" "name": "RHSA-2006:0533",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html"
"name" : "21159", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21159" "name": "GLSA-200605-15",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml"
"name" : "quagga-ripv1-information-disclosure(26243)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243" "name": "21159",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21159"
} },
} {
"name": "20060503 Quagga RIPD unauthenticated route table broadcast",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded"
},
{
"name": "DSA-1059",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1059"
},
{
"name": "20221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20221"
},
{
"name": "20420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20420"
}
]
}
}

150
2006/2xxx/CVE-2006-2514.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2514", "ID": "CVE-2006-2514",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266" "lang": "eng",
}, "value": "Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions."
{ }
"name" : "ADV-2006-1892", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/1892" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20211", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20211" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "coppermine-file-upload(26588)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26588" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266"
},
{
"name": "ADV-2006-1892",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1892"
},
{
"name": "20211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20211"
},
{
"name": "coppermine-file-upload(26588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26588"
}
]
}
}

200
2006/6xxx/CVE-2006-6066.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6066", "ID": "CVE-2006-6066",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c) venue_detail.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061115 Dragon calendar [ login bypass & injection sql ]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451632/100/100/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c) venue_detail.asp."
{ }
"name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=32", ]
"refsource" : "MISC", },
"url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=32" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21098", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21098" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-4533", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/4533" ]
}, },
{ "references": {
"name" : "30443", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/30443" "name": "30444",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/30444"
"name" : "30444", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/30444" "name": "ADV-2006-4533",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4533"
"name" : "30445", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/30445" "name": "20061115 Dragon calendar [ login bypass & injection sql ]",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/451632/100/100/threaded"
"name" : "22930", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22930" "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=32",
}, "refsource": "MISC",
{ "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=32"
"name" : "dragoneventslisting-event-sql-injection(30296)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30296" "name": "30443",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/30443"
} },
} {
"name": "22930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22930"
},
{
"name": "30445",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30445"
},
{
"name": "21098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21098"
},
{
"name": "dragoneventslisting-event-sql-injection(30296)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30296"
}
]
}
}

200
2008/5xxx/CVE-2008-5410.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5410", "ID": "CVE-2008-5410",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138863-02-1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138863-02-1" "lang": "eng",
}, "value": "The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions."
{ }
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139459-01-1", ]
"refsource" : "CONFIRM", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139459-01-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "246846", "description": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-246846-1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32671", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/32671" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:5914", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5914" "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138863-02-1",
}, "refsource": "CONFIRM",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138863-02-1"
"name" : "ADV-2008-3372", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3372" "name": "solaris-openssl-pkcs11engine-dos(47137)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47137"
"name" : "1021358", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021358" "name": "32671",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/32671"
"name" : "33050", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33050" "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139459-01-1",
}, "refsource": "CONFIRM",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139459-01-1"
"name" : "solaris-openssl-pkcs11engine-dos(47137)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47137" "name": "ADV-2008-3372",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/3372"
} },
} {
"name": "33050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33050"
},
{
"name": "246846",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-246846-1"
},
{
"name": "1021358",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021358"
},
{
"name": "oval:org.mitre.oval:def:5914",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5914"
}
]
}
}

170
2008/5xxx/CVE-2008-5640.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5640", "ID": "CVE-2008-5640",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7290", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7290" "lang": "eng",
}, "value": "SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter."
{ }
"name" : "32544", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32544" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-3302", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3302" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32920", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32920" ]
}, },
{ "references": {
"name" : "4776", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4776" "name": "32920",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32920"
"name" : "activebids-bidhistory-sql-injection(46912)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46912" "name": "activebids-bidhistory-sql-injection(46912)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46912"
} },
} {
"name": "7290",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7290"
},
{
"name": "ADV-2008-3302",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3302"
},
{
"name": "32544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32544"
},
{
"name": "4776",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4776"
}
]
}
}

190
2008/5xxx/CVE-2008-5692.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5692", "ID": "CVE-2008-5692",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487686/100/200/threaded" "lang": "eng",
}, "value": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name."
{ }
"name" : "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/487697/100/200/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt", "description": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12", ]
"refsource" : "CONFIRM", }
"url" : "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12" ]
}, },
{ "references": {
"name" : "27654", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27654" "name": "4799",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/4799"
"name" : "ADV-2008-0473", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0473" "name": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12",
}, "refsource": "CONFIRM",
{ "url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
"name" : "28822", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28822" "name": "ADV-2008-0473",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0473"
"name" : "4799", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4799" "name": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt",
} "refsource": "MISC",
] "url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
} },
} {
"name": "27654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27654"
},
{
"name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
},
{
"name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
},
{
"name": "28822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28822"
}
]
}
}

140
2008/5xxx/CVE-2008-5948.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5948", "ID": "CVE-2008-5948",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7345", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7345" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter."
{ }
"name" : "32644", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32644" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32981", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32981" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "32981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32981"
},
{
"name": "32644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32644"
},
{
"name": "7345",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7345"
}
]
}
}

250
2011/2xxx/CVE-2011-2377.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2377", "ID": "CVE-2011-2377",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-21.html" "lang": "eng",
}, "value": "Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=638018", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=638018" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=639303", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=639303" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/css/P8/documents/100144854", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/css/P8/documents/100144854" ]
}, },
{ "references": {
"name" : "http://support.avaya.com/css/P8/documents/100145333", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100145333" "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-21.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-21.html"
"name" : "MDVSA-2011:111", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=639303",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=639303"
"name" : "RHSA-2011:0885", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0885.html" "name": "MDVSA-2011:111",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111"
"name" : "RHSA-2011:0886", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0886.html" "name": "45002",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45002"
"name" : "RHSA-2011:0887", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0887.html" "name": "http://support.avaya.com/css/P8/documents/100145333",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100145333"
"name" : "RHSA-2011:0888", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0888.html" "name": "USN-1149-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1149-1"
"name" : "SUSE-SA:2011:028", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" "name": "oval:org.mitre.oval:def:13872",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13872"
"name" : "USN-1149-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1149-1" "name": "http://support.avaya.com/css/P8/documents/100144854",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100144854"
"name" : "oval:org.mitre.oval:def:13872", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13872" "name": "RHSA-2011:0887",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0887.html"
"name" : "45002", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45002" "name": "RHSA-2011:0885",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2011-0885.html"
} },
} {
"name": "RHSA-2011:0888",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0888.html"
},
{
"name": "SUSE-SA:2011:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html"
},
{
"name": "RHSA-2011:0886",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0886.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=638018",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=638018"
}
]
}
}

230
2011/2xxx/CVE-2011-2383.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2383", "ID": "CVE-2011-2383",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue, aka \"Drag and Drop Information Disclosure Vulnerability.\" NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388", "description_data": [
"refsource" : "MISC", {
"url" : "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" "lang": "eng",
}, "value": "Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue, aka \"Drag and Drop Information Disclosure Vulnerability.\" NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release."
{ }
"name" : "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt", ]
"refsource" : "MISC", },
"url" : "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://news.cnet.com/8301-1009_3-20066419-83.html", "description": [
"refsource" : "MISC", {
"url" : "http://news.cnet.com/8301-1009_3-20066419-83.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/", ]
"refsource" : "MISC", }
"url" : "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" ]
}, },
{ "references": {
"name" : "http://www.informationweek.com/news/security/vulnerabilities/229700031", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.informationweek.com/news/security/vulnerabilities/229700031" "name": "http://www.informationweek.com/news/security/vulnerabilities/229700031",
}, "refsource": "MISC",
{ "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031"
"name" : "http://www.networkworld.com/community/node/74259", },
"refsource" : "MISC", {
"url" : "http://www.networkworld.com/community/node/74259" "name": "MS11-057",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057"
"name" : "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/", },
"refsource" : "MISC", {
"url" : "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" "name": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388",
}, "refsource": "MISC",
{ "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388"
"name" : "http://www.youtube.com/watch?v=V95CX-3JpK0", },
"refsource" : "MISC", {
"url" : "http://www.youtube.com/watch?v=V95CX-3JpK0" "name": "http://news.cnet.com/8301-1009_3-20066419-83.html",
}, "refsource": "MISC",
{ "url": "http://news.cnet.com/8301-1009_3-20066419-83.html"
"name" : "http://www.youtube.com/watch?v=VsSkcnIFCxM", },
"refsource" : "MISC", {
"url" : "http://www.youtube.com/watch?v=VsSkcnIFCxM" "name": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/",
}, "refsource": "MISC",
{ "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/"
"name" : "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt", },
"refsource" : "MISC", {
"url" : "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" "name": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/",
}, "refsource": "MISC",
{ "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"
"name" : "MS11-057", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" "name": "oval:org.mitre.oval:def:12820",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820"
"name" : "oval:org.mitre.oval:def:12820", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12820" "name": "http://www.youtube.com/watch?v=VsSkcnIFCxM",
} "refsource": "MISC",
] "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM"
} },
} {
"name": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt",
"refsource": "MISC",
"url": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt"
},
{
"name": "http://www.networkworld.com/community/node/74259",
"refsource": "MISC",
"url": "http://www.networkworld.com/community/node/74259"
},
{
"name": "http://www.youtube.com/watch?v=V95CX-3JpK0",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=V95CX-3JpK0"
},
{
"name": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt",
"refsource": "MISC",
"url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt"
}
]
}
}

130
2011/2xxx/CVE-2011-2661.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2661", "ID": "CVE-2011-2661",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.novell.com/support/viewContent.do?externalId=7009214", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/viewContent.do?externalId=7009214" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter."
{ }
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=702786", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=702786" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=702786",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702786"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7009214",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7009214"
}
]
}
}

160
2011/2xxx/CVE-2011-2963.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2963", "ID": "CVE-2011-2963",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "17034", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/17034" "lang": "eng",
}, "value": "TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651."
{ }
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01A.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01A.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "46907", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/46907" ]
}, },
{ "references": {
"name" : "72888", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/72888" "name": "46907",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/46907"
} },
} {
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01A.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdf"
},
{
"name": "72888",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/72888"
},
{
"name": "17034",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17034"
}
]
}
}

230
2011/2xxx/CVE-2011-2981.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2981", "ID": "CVE-2011-2981",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-30.html" "lang": "eng",
}, "value": "The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=614151", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=614151" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=643450", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=643450" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=650252", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=650252" ]
}, },
{ "references": {
"name" : "DSA-2295", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2295" "name": "MDVSA-2011:127",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:127"
"name" : "DSA-2296", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2296" "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-30.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-30.html"
"name" : "DSA-2297", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2297" "name": "DSA-2297",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2297"
"name" : "MDVSA-2011:127", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:127" "name": "SUSE-SU-2011:0967",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html"
"name" : "RHSA-2011:1164", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1164.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=650252",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=650252"
"name" : "SUSE-SA:2011:037", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" "name": "DSA-2296",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2296"
"name" : "SUSE-SU-2011:0967", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html" "name": "SUSE-SA:2011:037",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html"
"name" : "oval:org.mitre.oval:def:14512", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14512" "name": "RHSA-2011:1164",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2011-1164.html"
} },
} {
"name": "oval:org.mitre.oval:def:14512",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14512"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=614151",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=614151"
},
{
"name": "DSA-2295",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2295"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=643450",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=643450"
}
]
}
}

130
2011/3xxx/CVE-2011-3384.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2011-3384", "ID": "CVE-2011-3384",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#30221194", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN30221194/index.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102."
{ }
"name" : "JVNDB-2011-000069", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000069" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#30221194",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN30221194/index.html"
},
{
"name": "JVNDB-2011-000069",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000069"
}
]
}
}

140
2011/3xxx/CVE-2011-3703.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3703", "ID": "CVE-2011-3703",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AneCMS 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/menu/index.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "AneCMS 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/menu/index.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/anecms-1.0", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/anecms-1.0" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/anecms-1.0",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/anecms-1.0"
}
]
}
}

140
2011/3xxx/CVE-2011-3816.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3816", "ID": "CVE-2011-3816",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e"
}
]
}
}

34
2011/4xxx/CVE-2011-4366.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-4366", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-4366",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4090. Reason: This candidate is a reservation duplicate of CVE-2011-4090. Notes: All CVE users should reference CVE-2011-4090 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4090. Reason: This candidate is a reservation duplicate of CVE-2011-4090. Notes: All CVE users should reference CVE-2011-4090 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

140
2011/4xxx/CVE-2011-4812.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4812", "ID": "CVE-2011-4812",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18063", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18063" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter."
{ }
"name" : "76880", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/76880" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "46662", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46662" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "18063",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18063"
},
{
"name": "76880",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/76880"
},
{
"name": "46662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46662"
}
]
}
}

34
2013/0xxx/CVE-2013-0039.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-0039", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-0039",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

130
2013/0xxx/CVE-2013-0396.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-0396", "ID": "CVE-2013-0396",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0360."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0360."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

34
2013/0xxx/CVE-2013-0491.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-0491", "ID": "CVE-2013-0491",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2013/0xxx/CVE-2013-0785.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2013-0785", "ID": "CVE-2013-0785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.bugzilla.org/security/3.6.12/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.bugzilla.org/security/3.6.12/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=842038", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=842038" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2013:066", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2013:066",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=842038",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=842038"
},
{
"name": "http://www.bugzilla.org/security/3.6.12/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.6.12/"
}
]
}
}

190
2013/0xxx/CVE-2013-0996.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-0996", "ID": "CVE-2013-0996",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5766", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5766" "lang": "eng",
}, "value": "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1."
{ }
"name" : "http://support.apple.com/kb/HT5785", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5785" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5934", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5934" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2013-05-16-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2013-06-04-2", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" "name": "http://support.apple.com/kb/HT5785",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5785"
"name" : "APPLE-SA-2013-09-18-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" "name": "oval:org.mitre.oval:def:17298",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17298"
"name" : "oval:org.mitre.oval:def:17298", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17298" "name": "54886",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54886"
"name" : "54886", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54886" "name": "http://support.apple.com/kb/HT5934",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT5934"
} },
} {
"name": "APPLE-SA-2013-06-04-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT5766",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5766"
},
{
"name": "APPLE-SA-2013-05-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}

160
2013/1xxx/CVE-2013-1025.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-1025", "ID": "CVE-2013-1025",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5880", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5880" "lang": "eng",
}, "value": "Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document."
{ }
"name" : "http://support.apple.com/kb/HT5934", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5934" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2013-09-12-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2013-09-18-2", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" ]
}, },
{ "references": {
"name" : "54886", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54886" "name": "54886",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/54886"
} },
} {
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "APPLE-SA-2013-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}

140
2013/1xxx/CVE-2013-1095.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1095", "ID": "CVE-2013-1095",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.novell.com/support/kb/doc.php?id=7012025", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/kb/doc.php?id=7012025" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event."
{ }
"name" : "http://www.novell.com/support/kb/doc.php?id=7012500", ]
"refsource" : "CONFIRM", },
"url" : "http://www.novell.com/support/kb/doc.php?id=7012500" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.novell.com/support/kb/doc.php?id=7012027", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/kb/doc.php?id=7012027" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012500",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012500"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012027",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012027"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012025",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012025"
}
]
}
}

140
2013/1xxx/CVE-2013-1128.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-1128", "ID": "CVE-2013-1128",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=28217", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=28217" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information."
{ }
"name" : "20130211 Cisco Unified MeetingPlace Server Cross-Site Request Forgery Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1128" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52194", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52194" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28217",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28217"
},
{
"name": "20130211 Cisco Unified MeetingPlace Server Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1128"
},
{
"name": "52194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52194"
}
]
}
}

180
2013/1xxx/CVE-2013-1794.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1794", "ID": "CVE-2013-1794",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt" "lang": "eng",
}, "value": "Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry."
{ }
"name" : "DSA-2638", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2013/dsa-2638" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2014:244", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "58299", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/58299" ]
}, },
{ "references": {
"name" : "52342", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52342" "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt"
"name" : "52480", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52480" "name": "52480",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52480"
"name" : "openafs-fileserver-bo(82582)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82582" "name": "52342",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/52342"
} },
} {
"name": "DSA-2638",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2638"
},
{
"name": "MDVSA-2014:244",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
},
{
"name": "58299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58299"
},
{
"name": "openafs-fileserver-bo(82582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82582"
}
]
}
}

130
2013/5xxx/CVE-2013-5326.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-5326", "ID": "CVE-2013-5326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-27.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-27.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory."
{ }
"name" : "VU#295276", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/295276" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-27.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-27.html"
},
{
"name": "VU#295276",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/295276"
}
]
}
}

150
2013/5xxx/CVE-2013-5406.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-5406", "ID": "CVE-2013-5406",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657539" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler."
{ }
"name" : "IC96055", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96055" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "64446", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64446" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ibm-sterling-cve20135406-mhtml-xss(87355)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87355" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
},
{
"name": "ibm-sterling-cve20135406-mhtml-xss(87355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87355"
},
{
"name": "64446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64446"
},
{
"name": "IC96055",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96055"
}
]
}
}

410
2013/5xxx/CVE-2013-5878.json
View File

@ -1,207 +1,207 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-5878", "ID": "CVE-2013-5878",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051823", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051823" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", "description": [
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBUX02972", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" ]
}, },
{ "references": {
"name" : "HPSBUX02973", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" "name": "56432",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56432"
"name" : "SSRT101454", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" "name": "RHSA-2014:0414",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2014:0414"
"name" : "SSRT101455", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1051823",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051823"
"name" : "RHSA-2014:0026", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0026.html" "name": "openSUSE-SU-2014:0174",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html"
"name" : "RHSA-2014:0027", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0027.html" "name": "SSRT101455",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
"name" : "RHSA-2014:0097", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0097.html" "name": "RHSA-2014:0135",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html"
"name" : "RHSA-2014:0030", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" "name": "56535",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56535"
"name" : "RHSA-2014:0134", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" "name": "USN-2089-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2089-1"
"name" : "RHSA-2014:0135", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" "name": "RHSA-2014:0030",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
"name" : "RHSA-2014:0414", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2014:0414" "name": "RHSA-2014:0097",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0097.html"
"name" : "openSUSE-SU-2014:0174", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" "name": "56485",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56485"
"name" : "SUSE-SU-2014:0246", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" "name": "SSRT101454",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
"name" : "SUSE-SU-2014:0266", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" "name": "102005",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/102005"
"name" : "openSUSE-SU-2014:0177", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
"name" : "openSUSE-SU-2014:0180", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" "name": "64927",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/64927"
"name" : "SUSE-SU-2014:0451", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" "name": "HPSBUX02972",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
"name" : "USN-2089-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2089-1" "name": "RHSA-2014:0027",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0027.html"
"name" : "USN-2124-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2124-1" "name": "56486",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56486"
"name" : "64758", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64758" "name": "SUSE-SU-2014:0451",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html"
"name" : "64927", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64927" "name": "HPSBUX02973",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
"name" : "102005", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/102005" "name": "1029608",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029608"
"name" : "1029608", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029608" "name": "USN-2124-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2124-1"
"name" : "56432", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56432" "name": "SUSE-SU-2014:0266",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html"
"name" : "56485", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56485" "name": "RHSA-2014:0026",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0026.html"
"name" : "56486", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56486" "name": "64758",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/64758"
"name" : "56535", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56535" "name": "SUSE-SU-2014:0246",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "RHSA-2014:0134",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html"
},
{
"name": "openSUSE-SU-2014:0180",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html"
},
{
"name": "openSUSE-SU-2014:0177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html"
}
]
}
}

120
2014/2xxx/CVE-2014-2136.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-2136", "ID": "CVE-2014-2136",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140507 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex" "lang": "eng",
} "value": "Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140507 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex"
}
]
}
}

150
2014/2xxx/CVE-2014-2245.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2245", "ID": "CVE-2014-2245",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the \"Modify News\" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140301 Re: CVE request: CMS Made Simple SQL injection fixed in 1.11.10", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q1/467" "lang": "eng",
}, "value": "SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the \"Modify News\" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://dev.cmsmadesimple.org/project/changelog/4602", ]
"refsource" : "CONFIRM", },
"url" : "http://dev.cmsmadesimple.org/project/changelog/4602" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "65953", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/65953" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "56996", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/56996" ]
} },
] "references": {
} "reference_data": [
} {
"name": "56996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56996"
},
{
"name": "65953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65953"
},
{
"name": "http://dev.cmsmadesimple.org/project/changelog/4602",
"refsource": "CONFIRM",
"url": "http://dev.cmsmadesimple.org/project/changelog/4602"
},
{
"name": "[oss-security] 20140301 Re: CVE request: CMS Made Simple SQL injection fixed in 1.11.10",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/467"
}
]
}
}

130
2014/2xxx/CVE-2014-2957.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-2957", "ID": "CVE-2014-2957",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[exim-announce] 20140528 [exim] Exim 4.82.1 Security Release", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html" "lang": "eng",
}, "value": "The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function."
{ }
"name" : "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0", ]
"refsource" : "CONFIRM", },
"url" : "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[exim-announce] 20140528 [exim] Exim 4.82.1 Security Release",
"refsource": "MLIST",
"url": "https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html"
},
{
"name": "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0",
"refsource": "CONFIRM",
"url": "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0"
}
]
}
}

220
2017/0xxx/CVE-2017-0379.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@debian.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2017-0379", "ID": "CVE-2017-0379",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "libgcrypt", "product_name": "libgcrypt",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "libgcrypt" "version_value": "libgcrypt"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "local side-channel attack"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.debian.org/873383", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.debian.org/873383" "lang": "eng",
}, "value": "Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c."
{ }
"name" : "https://eprint.iacr.org/2017/806", ]
"refsource" : "MISC", },
"url" : "https://eprint.iacr.org/2017/806" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b", "description": [
"refsource" : "MISC", {
"url" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b" "lang": "eng",
}, "value": "local side-channel attack"
{ }
"name" : "https://lists.debian.org/debian-security-announce/2017/msg00221.html", ]
"refsource" : "MISC", }
"url" : "https://lists.debian.org/debian-security-announce/2017/msg00221.html" ]
}, },
{ "references": {
"name" : "https://security-tracker.debian.org/tracker/CVE-2017-0379", "reference_data": [
"refsource" : "MISC", {
"url" : "https://security-tracker.debian.org/tracker/CVE-2017-0379" "name": "100503",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/100503"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name" : "https://security.netapp.com/advisory/ntap-20180726-0002/", },
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20180726-0002/" "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
}, "refsource": "CONFIRM",
{ "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", },
"refsource" : "CONFIRM", {
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "name": "1041294",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1041294"
"name" : "DSA-3959", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-3959" "name": "DSA-3959",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2017/dsa-3959"
"name" : "100503", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100503" "name": "https://lists.debian.org/debian-security-announce/2017/msg00221.html",
}, "refsource": "MISC",
{ "url": "https://lists.debian.org/debian-security-announce/2017/msg00221.html"
"name" : "1041294", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041294" "name": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b",
} "refsource": "MISC",
] "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b"
} },
} {
"name": "https://eprint.iacr.org/2017/806",
"refsource": "MISC",
"url": "https://eprint.iacr.org/2017/806"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-0379",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0379"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name": "https://bugs.debian.org/873383",
"refsource": "MISC",
"url": "https://bugs.debian.org/873383"
}
]
}
}

146
2017/0xxx/CVE-2017-0437.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0437", "ID": "CVE-2017-0437",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.10" "version_value": "Kernel-3.10"
}, },
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. References: QC-CR#1092497."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-02-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-02-01.html" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. References: QC-CR#1092497."
{ }
"name" : "96047", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96047" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037798", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037798" "lang": "eng",
} "value": "Elevation of privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "96047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96047"
},
{
"name": "1037798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037798"
},
{
"name": "https://source.android.com/security/bulletin/2017-02-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-02-01.html"
}
]
}
}

132
2017/0xxx/CVE-2017-0702.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-07-05T00:00:00", "DATE_PUBLIC": "2017-07-05T00:00:00",
"ID" : "CVE-2017-0702", "ID": "CVE-2017-0702",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-7.1.1 Android-7.1.2" "version_value": "Android-7.1.1 Android-7.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36621442."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-07-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-07-01" "lang": "eng",
}, "value": "A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36621442."
{ }
"name" : "99472", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99472" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "99472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99472"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000065.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.316661", "DATE_ASSIGNED": "2017-05-06T20:43:28.316661",
"ID" : "CVE-2017-1000065", "ID": "CVE-2017-1000065",
"REQUESTER" : "bazy@safecomp.com", "REQUESTER": "bazy@safecomp.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "OpenMediaVault", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.1" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "OpenMediaVault" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/openmediavault/openmediavault/commit/b2db1e24d0e52b961b5c3b3329b6ee717cac53a2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/openmediavault/openmediavault/commit/b2db1e24d0e52b961b5c3b3329b6ee717cac53a2" "lang": "eng",
} "value": "Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openmediavault/openmediavault/commit/b2db1e24d0e52b961b5c3b3329b6ee717cac53a2",
"refsource": "CONFIRM",
"url": "https://github.com/openmediavault/openmediavault/commit/b2db1e24d0e52b961b5c3b3329b6ee717cac53a2"
}
]
}
}

162
2017/1000xxx/CVE-2017-1000365.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1000365", "ID": "CVE-2017-1000365",
"REQUESTER" : "qsa@qualys.com", "REQUESTER": "qsa@qualys.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Linux Kernel", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.11.5" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Linux Kernel" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" "lang": "eng",
}, "value": "The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23."
{ }
"name" : "https://access.redhat.com/security/cve/CVE-2017-1000365", ]
"refsource" : "CONFIRM", },
"url" : "https://access.redhat.com/security/cve/CVE-2017-1000365" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3927", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3927" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3945", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3945" ]
}, },
{ "references": {
"name" : "99156", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99156" "name": "DSA-3927",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3927"
} },
} {
"name": "99156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99156"
},
{
"name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"name": "DSA-3945",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3945"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2017-1000365",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000365"
}
]
}
}

34
2017/12xxx/CVE-2017-12049.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12049", "ID": "CVE-2017-12049",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

122
2017/12xxx/CVE-2017-12087.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-11-20T00:00:00", "DATE_PUBLIC": "2017-11-20T00:00:00",
"ID" : "CVE-2017-12087", "ID": "CVE-2017-12087",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Tinysvcmdns", "product_name": "Tinysvcmdns",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2016-07-18" "version_value": "2016-07-18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "geekman" "vendor_name": "geekman"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "heap overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0439", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0439" "lang": "eng",
} "value": "An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0439",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0439"
}
]
}
}

130
2017/12xxx/CVE-2017-12306.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12306", "ID": "CVE-2017-12306",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Spark Board", "product_name": "Cisco Spark Board",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Spark Board" "version_value": "Cisco Spark Board"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-16"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark" "lang": "eng",
}, "value": "A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502."
{ }
"name" : "101914", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101914" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-16"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101914",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101914"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark"
}
]
}
}

130
2017/12xxx/CVE-2017-12472.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12472", "ID": "CVE-2017-12472",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/cn-uofbasel/ccn-lite/issues/138", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/cn-uofbasel/ccn-lite/issues/138" "lang": "eng",
}, "value": "ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc."
{ }
"name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cn-uofbasel/ccn-lite/issues/138",
"refsource": "CONFIRM",
"url": "https://github.com/cn-uofbasel/ccn-lite/issues/138"
},
{
"name": "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0",
"refsource": "CONFIRM",
"url": "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0"
}
]
}
}

120
2017/12xxx/CVE-2017-12928.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12928", "ID": "CVE-2017-12928",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/144259/DlxSpot-Hardcoded-Password.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/144259/DlxSpot-Hardcoded-Password.html" "lang": "eng",
} "value": "A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/144259/DlxSpot-Hardcoded-Password.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/144259/DlxSpot-Hardcoded-Password.html"
}
]
}
}

34
2017/16xxx/CVE-2017-16027.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16027", "ID": "CVE-2017-16027",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2017/16xxx/CVE-2017-16172.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16172", "ID": "CVE-2017-16172",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "section2.madisonjbrooks12 node module", "product_name": "section2.madisonjbrooks12 node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/section2.madisonjbrooks12", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/section2.madisonjbrooks12" "lang": "eng",
}, "value": "section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
{ }
"name" : "https://nodesecurity.io/advisories/468", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/468" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/468",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/468"
},
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/section2.madisonjbrooks12",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/section2.madisonjbrooks12"
}
]
}
}

120
2017/16xxx/CVE-2017-16561.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16561", "ID": "CVE-2017-16561",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43108", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43108/" "lang": "eng",
} "value": "/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43108",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43108/"
}
]
}
}

34
2017/4xxx/CVE-2017-4341.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4341", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4341",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4426.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4426", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4426",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4453.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4453", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4453",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4545.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4545", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4545",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2018/18xxx/CVE-2018-18664.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18664", "ID": "CVE-2018-18664",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2018/5xxx/CVE-2018-5007.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-5007", "ID": "CVE-2018-5007",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Flash Player 30.0.0.113 and earlier versions", "product_name": "Adobe Flash Player 30.0.0.113 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Flash Player 30.0.0.113 and earlier versions" "version_value": "Adobe Flash Player 30.0.0.113 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Type Confusion"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-24.html" "lang": "eng",
}, "value": "Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
{ }
"name" : "RHSA-2018:2175", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:2175" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "104698", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104698" "lang": "eng",
}, "value": "Type Confusion"
{ }
"name" : "1041248", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1041248" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-24.html"
},
{
"name": "1041248",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041248"
},
{
"name": "104698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104698"
},
{
"name": "RHSA-2018:2175",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2175"
}
]
}
}

140
2018/5xxx/CVE-2018-5021.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-5021", "ID": "CVE-2018-5021",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds write"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
{ }
"name" : "104701", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104701" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041250", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041250" "lang": "eng",
} "value": "Out-of-bounds write"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"name": "1041250",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041250"
},
{
"name": "104701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104701"
}
]
}
}

130
2018/5xxx/CVE-2018-5256.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5256", "ID": "CVE-2018-5256",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users are able to list all Namespaces through the Console, resulting in an information disclosure. Tectonic's exposure of an unauthenticated API endpoint containing information regarding the internal state of the cluster can provide an attacker with information that may assist in other attacks against the cluster. For example, an attacker may not have the permissions required to list all namespaces in the cluster but can instead leverage this vulnerability to enumerate the namespaces and then begin to check each namespace for weak authorization policies that may allow further escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://coreos.com/blog/tectonic-namespace-information-disclosure-vulnerability-patched", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://coreos.com/blog/tectonic-namespace-information-disclosure-vulnerability-patched" "lang": "eng",
}, "value": "CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users are able to list all Namespaces through the Console, resulting in an information disclosure. Tectonic's exposure of an unauthenticated API endpoint containing information regarding the internal state of the cluster can provide an attacker with information that may assist in other attacks against the cluster. For example, an attacker may not have the permissions required to list all namespaces in the cluster but can instead leverage this vulnerability to enumerate the namespaces and then begin to check each namespace for weak authorization policies that may allow further escalation of privileges."
{ }
"name" : "https://coreos.com/tectonic/releases/#1.8.4-tectonic.3", ]
"refsource" : "CONFIRM", },
"url" : "https://coreos.com/tectonic/releases/#1.8.4-tectonic.3" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://coreos.com/blog/tectonic-namespace-information-disclosure-vulnerability-patched",
"refsource": "CONFIRM",
"url": "https://coreos.com/blog/tectonic-namespace-information-disclosure-vulnerability-patched"
},
{
"name": "https://coreos.com/tectonic/releases/#1.8.4-tectonic.3",
"refsource": "CONFIRM",
"url": "https://coreos.com/tectonic/releases/#1.8.4-tectonic.3"
}
]
}
}

120
2018/5xxx/CVE-2018-5770.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5770", "ID": "CVE-2018-5770",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.fidusinfosec.com/tenda-ac15-unauthenticated-telnetd-start-cve-2018-5770/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.fidusinfosec.com/tenda-ac15-unauthenticated-telnetd-start-cve-2018-5770/" "lang": "eng",
} "value": "An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fidusinfosec.com/tenda-ac15-unauthenticated-telnetd-start-cve-2018-5770/",
"refsource": "MISC",
"url": "https://www.fidusinfosec.com/tenda-ac15-unauthenticated-telnetd-start-cve-2018-5770/"
}
]
}
}

122
2018/5xxx/CVE-2018-5828.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2018-5828", "ID": "CVE-2018-5828",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not properly validated potentially leading to a buffer overwrite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" "lang": "eng",
} "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not properly validated potentially leading to a buffer overwrite."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
}
]
}
}