admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:17:16 +00:00
parent e3d776c5d8
commit 3af2e9d0ea
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3472 additions and 3472 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

188
2006/0xxx/CVE-2006-0059.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-0059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/JGEI-6MMS9T",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/JGEI-6MMS9T"
},
{
"name" : "http://www.digitalbond.com/SCADA_Blog/2006/05/us-cert-livedata-iccp-vulnerability.html",
"refsource" : "MISC",
"url" : "http://www.digitalbond.com/SCADA_Blog/2006/05/us-cert-livedata-iccp-vulnerability.html"
},
{
"name" : "VU#190617",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/190617"
},
{
"name" : "18010",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18010"
},
{
"name" : "ADV-2006-1830",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1830"
},
{
"name" : "1016113",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016113"
},
{
"name" : "20146",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20146"
},
{
"name" : "livedata-iccp-rfc1006-bo(26490)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26490"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016113",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016113"
},
{
"name": "http://www.digitalbond.com/SCADA_Blog/2006/05/us-cert-livedata-iccp-vulnerability.html",
"refsource": "MISC",
"url": "http://www.digitalbond.com/SCADA_Blog/2006/05/us-cert-livedata-iccp-vulnerability.html"
},
{
"name": "ADV-2006-1830",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1830"
},
{
"name": "livedata-iccp-rfc1006-bo(26490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26490"
},
{
"name": "20146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20146"
},
{
"name": "VU#190617",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/190617"
},
{
"name": "http://www.kb.cert.org/vuls/id/JGEI-6MMS9T",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/JGEI-6MMS9T"
},
{
"name": "18010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18010"
}
]
}
}

178
2006/3xxx/CVE-2006-3443.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka \"User Profile Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS06-051",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-051"
},
{
"name" : "VU#337244",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/337244"
},
{
"name" : "19375",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19375"
},
{
"name" : "ADV-2006-3216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3216"
},
{
"name" : "oval:org.mitre.oval:def:155",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A155"
},
{
"name" : "1016662",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016662"
},
{
"name" : "21417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21417"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka \"User Profile Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016662",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016662"
},
{
"name": "MS06-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-051"
},
{
"name": "oval:org.mitre.oval:def:155",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A155"
},
{
"name": "21417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21417"
},
{
"name": "ADV-2006-3216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3216"
},
{
"name": "19375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19375"
},
{
"name": "VU#337244",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/337244"
}
]
}
}

178
2006/3xxx/CVE-2006-3594.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml"
},
{
"name" : "18952",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18952"
},
{
"name" : "ADV-2006-2774",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2774"
},
{
"name" : "27162",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27162"
},
{
"name" : "1016475",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016475"
},
{
"name" : "21030",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21030"
},
{
"name" : "cisco-callmanager-sip-hostname-bo(27691)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27691"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016475",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016475"
},
{
"name": "18952",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18952"
},
{
"name": "27162",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27162"
},
{
"name": "20060712 Multiple Cisco Unified CallManager Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml"
},
{
"name": "ADV-2006-2774",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2774"
},
{
"name": "cisco-callmanager-sip-hostname-bo(27691)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27691"
},
{
"name": "21030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21030"
}
]
}
}

148
2006/3xxx/CVE-2006-3943.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html",
"refsource" : "MISC",
"url" : "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html"
},
{
"name" : "19184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19184"
},
{
"name" : "27530",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27530"
},
{
"name" : "ie-rgb-properties-dos(28046)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-27-ndfxarteffects-rgbextracolor.html"
},
{
"name": "ie-rgb-properties-dos(28046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28046"
},
{
"name": "27530",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27530"
},
{
"name": "19184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19184"
}
]
}
}

208
2006/3xxx/CVE-2006-3966.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3966",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups :) 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060731 MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441734/100/0/threaded"
},
{
"name" : "http://www.bb-pcsecurity.de/sicherheit_266.htm",
"refsource" : "MISC",
"url" : "http://www.bb-pcsecurity.de/sicherheit_266.htm"
},
{
"name" : "2096",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2096"
},
{
"name" : "19258",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19258"
},
{
"name" : "ADV-2006-3073",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3073"
},
{
"name" : "27666",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27666"
},
{
"name" : "1016613",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016613"
},
{
"name" : "21263",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21263"
},
{
"name" : "1316",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1316"
},
{
"name" : "mynewsgroups-myngroot-file-include(28091)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28091"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups :) 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19258"
},
{
"name": "27666",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27666"
},
{
"name": "2096",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2096"
},
{
"name": "20060731 MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441734/100/0/threaded"
},
{
"name": "mynewsgroups-myngroot-file-include(28091)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28091"
},
{
"name": "ADV-2006-3073",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3073"
},
{
"name": "1016613",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016613"
},
{
"name": "1316",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1316"
},
{
"name": "http://www.bb-pcsecurity.de/sicherheit_266.htm",
"refsource": "MISC",
"url": "http://www.bb-pcsecurity.de/sicherheit_266.htm"
},
{
"name": "21263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21263"
}
]
}
}

198
2006/4xxx/CVE-2006-4134.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4134",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability related to a \"design flaw\" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060810 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442838/100/0/threaded"
},
{
"name" : "20060810 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS)",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=bugtraq&m=115524314804055&w=2"
},
{
"name" : "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Denial_of_Service.pdf",
"refsource" : "MISC",
"url" : "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Denial_of_Service.pdf"
},
{
"name" : "19469",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19469"
},
{
"name" : "ADV-2006-3267",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3267"
},
{
"name" : "1016675",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016675"
},
{
"name" : "21448",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21448"
},
{
"name" : "1390",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1390"
},
{
"name" : "sap-igs-http-dos(28328)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28328"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability related to a \"design flaw\" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060810 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS)",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=bugtraq&m=115524314804055&w=2"
},
{
"name": "19469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19469"
},
{
"name": "ADV-2006-3267",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3267"
},
{
"name": "1016675",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016675"
},
{
"name": "1390",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1390"
},
{
"name": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Denial_of_Service.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Denial_of_Service.pdf"
},
{
"name": "20060810 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442838/100/0/threaded"
},
{
"name": "21448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21448"
},
{
"name": "sap-igs-http-dos(28328)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28328"
}
]
}
}

168
2006/4xxx/CVE-2006-4329.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4329",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060823 source VERIFY of Shadows Rising RPG file include",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-August/000986.html"
},
{
"name" : "2229",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2229"
},
{
"name" : "19608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19608"
},
{
"name" : "28282",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28282"
},
{
"name" : "28283",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28283"
},
{
"name" : "shadowsrising-configgameroot-file-include(28478)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28478"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "shadowsrising-configgameroot-file-include(28478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28478"
},
{
"name": "28282",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28282"
},
{
"name": "28283",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28283"
},
{
"name": "2229",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2229"
},
{
"name": "20060823 source VERIFY of Shadows Rising RPG file include",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-August/000986.html"
},
{
"name": "19608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19608"
}
]
}
}

158
2006/4xxx/CVE-2006-4654.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or \"compromise the server\" via encoded format string specifiers in the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060904 Easy Address Book Web Server Format String Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445262/100/0/threaded"
},
{
"name" : "19842",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19842"
},
{
"name" : "21959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21959"
},
{
"name" : "1529",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1529"
},
{
"name" : "easyaddressbook-url-format-string(28752)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28752"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or \"compromise the server\" via encoded format string specifiers in the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1529",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1529"
},
{
"name": "19842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19842"
},
{
"name": "easyaddressbook-url-format-string(28752)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28752"
},
{
"name": "20060904 Easy Address Book Web Server Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445262/100/0/threaded"
},
{
"name": "21959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21959"
}
]
}
}

32
2006/4xxx/CVE-2006-4791.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4791",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4791",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

188
2006/4xxx/CVE-2006-4959.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4959",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060921 [scip_Advisory 2555] Sun Secure Global Desktop prior 4.3 multiple remote vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446566/100/0/threaded"
},
{
"name" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555",
"refsource" : "MISC",
"url" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555"
},
{
"name" : "20135",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20135"
},
{
"name" : "ADV-2006-3739",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3739"
},
{
"name" : "1016900",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016900"
},
{
"name" : "22037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22037"
},
{
"name" : "1623",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1623"
},
{
"name" : "sun-ssgd-script-information-disclosure(29076)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29076"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016900",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016900"
},
{
"name": "sun-ssgd-script-information-disclosure(29076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29076"
},
{
"name": "22037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22037"
},
{
"name": "20060921 [scip_Advisory 2555] Sun Secure Global Desktop prior 4.3 multiple remote vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446566/100/0/threaded"
},
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555"
},
{
"name": "1623",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1623"
},
{
"name": "ADV-2006-3739",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3739"
},
{
"name": "20135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20135"
}
]
}
}

168
2006/6xxx/CVE-2006-6083.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061121 creadirectory [injection sql & xss]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452241/100/0/threaded"
},
{
"name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=54",
"refsource" : "MISC",
"url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=54"
},
{
"name" : "21230",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21230"
},
{
"name" : "ADV-2006-4665",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4665"
},
{
"name" : "23067",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23067"
},
{
"name" : "creadirectory-search-sql-injection(30471)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30471"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "creadirectory-search-sql-injection(30471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30471"
},
{
"name": "21230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21230"
},
{
"name": "ADV-2006-4665",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4665"
},
{
"name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=54",
"refsource": "MISC",
"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=54"
},
{
"name": "23067",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23067"
},
{
"name": "20061121 creadirectory [injection sql & xss]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452241/100/0/threaded"
}
]
}
}

158
2006/6xxx/CVE-2006-6671.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061219 Burak Yilmaz Download Portal Sql Injection Vuln.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454857/100/0/threaded"
},
{
"name" : "21676",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21676"
},
{
"name" : "ADV-2006-5085",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5085"
},
{
"name" : "23447",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23447"
},
{
"name" : "2055",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2055"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21676"
},
{
"name": "23447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23447"
},
{
"name": "20061219 Burak Yilmaz Download Portal Sql Injection Vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454857/100/0/threaded"
},
{
"name": "2055",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2055"
},
{
"name": "ADV-2006-5085",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5085"
}
]
}
}

178
2006/6xxx/CVE-2006-6679.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061113 Chetcpasswd 2.x: multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=116371297325564&w=2"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649"
},
{
"name" : "21102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21102"
},
{
"name" : "30544",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30544"
},
{
"name" : "22967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22967"
},
{
"name" : "chetcpasswd-xforwardedfor-security-bypass(30451)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30451"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649"
},
{
"name": "30544",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30544"
},
{
"name": "22967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22967"
},
{
"name": "21102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21102"
},
{
"name": "20061113 Chetcpasswd 2.x: multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"
},
{
"name": "chetcpasswd-xforwardedfor-security-bypass(30451)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30451"
}
]
}
}

118
2006/7xxx/CVE-2006-7164.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7164",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PQ91033",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24013029"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PQ91033",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013029"
}
]
}
}

178
2010/2xxx/CVE-2010-2536.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2536",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a \"universal XSS\" issue; (2) unspecified vectors related to webview.cpp; and the about: views for (3) favorites, (4) bookmarks, (5) closed tabs, and (6) history."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100721 Re: Universal XSS in Rekonq",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127973502617945&w=2"
},
{
"name" : "[oss-security] 20100721 Universal XSS in Rekonq",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127971194610788&w=2"
},
{
"name" : "https://bugs.kde.org/show_bug.cgi?id=217464",
"refsource" : "CONFIRM",
"url" : "https://bugs.kde.org/show_bug.cgi?id=217464"
},
{
"name" : "FEDORA-2010-15874",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049406.html"
},
{
"name" : "66568",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/66568"
},
{
"name" : "40646",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40646"
},
{
"name" : "ADV-2010-2689",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2689"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a \"universal XSS\" issue; (2) unspecified vectors related to webview.cpp; and the about: views for (3) favorites, (4) bookmarks, (5) closed tabs, and (6) history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100721 Re: Universal XSS in Rekonq",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127973502617945&w=2"
},
{
"name": "40646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40646"
},
{
"name": "66568",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/66568"
},
{
"name": "ADV-2010-2689",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2689"
},
{
"name": "[oss-security] 20100721 Universal XSS in Rekonq",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127971194610788&w=2"
},
{
"name": "https://bugs.kde.org/show_bug.cgi?id=217464",
"refsource": "CONFIRM",
"url": "https://bugs.kde.org/show_bug.cgi?id=217464"
},
{
"name": "FEDORA-2010-15874",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049406.html"
}
]
}
}

158
2010/2xxx/CVE-2010-2744.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka \"Win32k Window Class Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15894",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15894"
},
{
"name" : "http://mista.nu/blog/2010/12/01/windows-class-handling-gone-wrong/",
"refsource" : "MISC",
"url" : "http://mista.nu/blog/2010/12/01/windows-class-handling-gone-wrong/"
},
{
"name" : "MS10-073",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-073"
},
{
"name" : "TA10-285A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name" : "oval:org.mitre.oval:def:12085",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12085"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka \"Win32k Window Class Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12085",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12085"
},
{
"name": "http://mista.nu/blog/2010/12/01/windows-class-handling-gone-wrong/",
"refsource": "MISC",
"url": "http://mista.nu/blog/2010/12/01/windows-class-handling-gone-wrong/"
},
{
"name": "15894",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15894"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name": "MS10-073",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-073"
}
]
}
}

138
2010/2xxx/CVE-2010-2910.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14462",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14462"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/joomlaoziogallery-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/joomlaoziogallery-sql.txt"
},
{
"name" : "oziogallery-index-sql-injection(60618)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60618"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oziogallery-index-sql-injection(60618)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60618"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/joomlaoziogallery-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/joomlaoziogallery-sql.txt"
},
{
"name": "14462",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14462"
}
]
}
}

208
2011/0xxx/CVE-2011-0562.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 ASPR #2011-02-11-1: Remote Binary Planting in Adobe Reader",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516399/100/0/threaded"
},
{
"name" : "http://www.acrossecurity.com/aspr/ASPR-2011-02-11-1-PUB.txt",
"refsource" : "MISC",
"url" : "http://www.acrossecurity.com/aspr/ASPR-2011-02-11-1-PUB.txt"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name" : "RHSA-2011:0301",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name" : "46252",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46252"
},
{
"name" : "oval:org.mitre.oval:def:12555",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12555"
},
{
"name" : "1025033",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025033"
},
{
"name" : "43470",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43470"
},
{
"name" : "ADV-2011-0337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name" : "ADV-2011-0492",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0492"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0492",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0492"
},
{
"name": "http://www.acrossecurity.com/aspr/ASPR-2011-02-11-1-PUB.txt",
"refsource": "MISC",
"url": "http://www.acrossecurity.com/aspr/ASPR-2011-02-11-1-PUB.txt"
},
{
"name": "20110211 ASPR #2011-02-11-1: Remote Binary Planting in Adobe Reader",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516399/100/0/threaded"
},
{
"name": "43470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43470"
},
{
"name": "RHSA-2011:0301",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name": "oval:org.mitre.oval:def:12555",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12555"
},
{
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "46252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46252"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
}
]
}
}

118
2011/0xxx/CVE-2011-0804.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}

118
2011/0xxx/CVE-2011-0806.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}

188
2011/0xxx/CVE-2011-0986.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0986",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83",
"refsource" : "CONFIRM",
"url" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83"
},
{
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php"
},
{
"name" : "FEDORA-2011-1373",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html"
},
{
"name" : "FEDORA-2011-1408",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html"
},
{
"name" : "MDVSA-2011:026",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:026"
},
{
"name" : "43478",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43478"
},
{
"name" : "ADV-2011-0385",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0385"
},
{
"name" : "phpmyadmin-readme-path-disclosure(65424)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65424"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpmyadmin-readme-path-disclosure(65424)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65424"
},
{
"name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83",
"refsource": "CONFIRM",
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83"
},
{
"name": "ADV-2011-0385",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0385"
},
{
"name": "FEDORA-2011-1408",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html"
},
{
"name": "MDVSA-2011:026",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:026"
},
{
"name": "FEDORA-2011-1373",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php"
},
{
"name": "43478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43478"
}
]
}
}

32
2011/1xxx/CVE-2011-1150.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1150",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1150",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

198
2011/1xxx/CVE-2011-1654.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110413 CA20110413-01: Security Notice for CA Total Defense",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517494/100/0/threaded"
},
{
"name" : "20110413 ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517488/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-126/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-126/"
},
{
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}",
"refsource" : "CONFIRM",
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}"
},
{
"name" : "47357",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47357"
},
{
"name" : "1025353",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025353"
},
{
"name" : "44097",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44097"
},
{
"name" : "ADV-2011-0977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0977"
},
{
"name" : "totaldefense-fileuploadhandler-file-upload(66726)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66726"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44097"
},
{
"name": "totaldefense-fileuploadhandler-file-upload(66726)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66726"
},
{
"name": "ADV-2011-0977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0977"
},
{
"name": "1025353",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025353"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}"
},
{
"name": "47357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47357"
},
{
"name": "20110413 ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517488/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-126/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-126/"
},
{
"name": "20110413 CA20110413-01: Security Notice for CA Total Defense",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"
}
]
}
}

218
2011/1xxx/CVE-2011-1719.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110421 CA20110420-02: Security Notice for CA Output Management Web Viewer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517625/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2011-34/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2011-34/"
},
{
"name" : "http://secunia.com/secunia_research/2011-35/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2011-35/"
},
{
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={DED5B724-B500-46DA-A855-B2AF457B5364}",
"refsource" : "CONFIRM",
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={DED5B724-B500-46DA-A855-B2AF457B5364}"
},
{
"name" : "47521",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47521"
},
{
"name" : "1025424",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025424"
},
{
"name" : "43681",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43681"
},
{
"name" : "8226",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8226"
},
{
"name" : "ADV-2011-1066",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1066"
},
{
"name" : "ca-output-ppsviewer-bo(66904)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66904"
},
{
"name" : "ca-output-uomwvhelper-bo(66903)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66903"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ca-output-ppsviewer-bo(66904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66904"
},
{
"name": "43681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43681"
},
{
"name": "20110421 CA20110420-02: Security Notice for CA Output Management Web Viewer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517625/100/0/threaded"
},
{
"name": "ADV-2011-1066",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1066"
},
{
"name": "1025424",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025424"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={DED5B724-B500-46DA-A855-B2AF457B5364}",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={DED5B724-B500-46DA-A855-B2AF457B5364}"
},
{
"name": "http://secunia.com/secunia_research/2011-35/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-35/"
},
{
"name": "47521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47521"
},
{
"name": "ca-output-uomwvhelper-bo(66903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66903"
},
{
"name": "http://secunia.com/secunia_research/2011-34/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-34/"
},
{
"name": "8226",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8226"
}
]
}
}

32
2011/4xxx/CVE-2011-4391.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4391",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4391",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

138
2011/4xxx/CVE-2011-4502.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.upnp-hacks.org/devices.html",
"refsource" : "MISC",
"url" : "http://www.upnp-hacks.org/devices.html"
},
{
"name" : "http://www.upnp-hacks.org/suspect.html",
"refsource" : "MISC",
"url" : "http://www.upnp-hacks.org/suspect.html"
},
{
"name" : "VU#357851",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/357851"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.upnp-hacks.org/devices.html",
"refsource": "MISC",
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"name": "http://www.upnp-hacks.org/suspect.html",
"refsource": "MISC",
"url": "http://www.upnp-hacks.org/suspect.html"
},
{
"name": "VU#357851",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/357851"
}
]
}
}

188
2011/4xxx/CVE-2011-4878.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18166",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18166"
},
{
"name" : "http://aluigi.org/adv/winccflex_1-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name" : "77383",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/77383"
},
{
"name" : "simatic-miniweb-directory-traversal(71452)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71452"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"name": "simatic-miniweb-directory-traversal(71452)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71452"
},
{
"name": "http://aluigi.org/adv/winccflex_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "77383",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77383"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}

138
2011/5xxx/CVE-2011-5032.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted 0x87342000 IOCTL request to the WMDriver device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "77747",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77747"
},
{
"name" : "46872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46872"
},
{
"name" : "winmount-ioctl-dos(71764)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71764"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted 0x87342000 IOCTL request to the WMDriver device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77747",
"refsource": "OSVDB",
"url": "http://osvdb.org/77747"
},
{
"name": "46872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46872"
},
{
"name": "winmount-ioctl-dos(71764)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71764"
}
]
}
}

178
2014/2xxx/CVE-2014-2587.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "32368",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/32368"
},
{
"name" : "20140318 McAfee Cloud SSO and McAfee Asset Manager vulns",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Mar/325"
},
{
"name" : "http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html"
},
{
"name" : "66302",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66302"
},
{
"name" : "104634",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/104634"
},
{
"name" : "1029927",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029927"
},
{
"name" : "mcafee-asset-reportsaudit-sql-injection(91929)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91929"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html"
},
{
"name": "mcafee-asset-reportsaudit-sql-injection(91929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91929"
},
{
"name": "66302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66302"
},
{
"name": "1029927",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029927"
},
{
"name": "104634",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/104634"
},
{
"name": "20140318 McAfee Cloud SSO and McAfee Asset Manager vulns",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/325"
},
{
"name": "32368",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32368"
}
]
}
}

148
2014/3xxx/CVE-2014-3083.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681249"
},
{
"name" : "PI17768",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI17768"
},
{
"name" : "69298",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69298"
},
{
"name" : "ibm-websphere-cve20143083-info-disc(93954)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93954"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69298"
},
{
"name": "ibm-websphere-cve20143083-info-disc(93954)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93954"
},
{
"name": "PI17768",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI17768"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681249"
}
]
}
}

148
2014/3xxx/CVE-2014-3549.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140721 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=264271",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=264271"
},
{
"name" : "68761",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68761"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68761"
},
{
"name": "[oss-security] 20140721 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=264271",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=264271"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201"
}
]
}
}

128
2014/3xxx/CVE-2014-3906.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-3906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#20812625",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN20812625/index.html"
},
{
"name" : "JVNDB-2014-000099",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000099"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000099",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000099"
},
{
"name": "JVN#20812625",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN20812625/index.html"
}
]
}
}

178
2014/3xxx/CVE-2014-3936.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug",
"refsource" : "MISC",
"url" : "http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug"
},
{
"name" : "http://packetstormsecurity.com/files/127427/D-Link-HNAP-Request-Remote-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127427/D-Link-HNAP-Request-Remote-Buffer-Overflow.html"
},
{
"name" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10027",
"refsource" : "CONFIRM",
"url" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10027"
},
{
"name" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029",
"refsource" : "CONFIRM",
"url" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029"
},
{
"name" : "67651",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67651"
},
{
"name" : "58728",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58728"
},
{
"name" : "58972",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58972"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10027",
"refsource": "CONFIRM",
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10027"
},
{
"name": "http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug",
"refsource": "MISC",
"url": "http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug"
},
{
"name": "58728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58728"
},
{
"name": "http://packetstormsecurity.com/files/127427/D-Link-HNAP-Request-Remote-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127427/D-Link-HNAP-Request-Remote-Buffer-Overflow.html"
},
{
"name": "58972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58972"
},
{
"name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029",
"refsource": "CONFIRM",
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10029"
},
{
"name": "67651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67651"
}
]
}
}

32
2014/6xxx/CVE-2014-6249.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6249",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6249",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2014/6xxx/CVE-2014-6365.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6365",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka \"Internet Explorer XSS Filter Bypass Vulnerability,\" a different vulnerability than CVE-2014-6328."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-080",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka \"Internet Explorer XSS Filter Bypass Vulnerability,\" a different vulnerability than CVE-2014-6328."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-080",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
}
]
}
}

138
2014/6xxx/CVE-2014-6978.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Karim Rahal Essoulami (aka com.karim.rahal.essoulami.lcxogeyuizteegxvnq) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#642337",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/642337"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Karim Rahal Essoulami (aka com.karim.rahal.essoulami.lcxogeyuizteegxvnq) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#642337",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/642337"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/7xxx/CVE-2014-7090.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MyVCCCD (aka com.dub.app.ventura) application 1.4.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#996801",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/996801"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MyVCCCD (aka com.dub.app.ventura) application 1.4.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#996801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/996801"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

32
2014/7xxx/CVE-2014-7599.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7599",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7599",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

32
2014/7xxx/CVE-2014-7886.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7886",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7886",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/7xxx/CVE-2014-7974.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7974",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7974",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2016/2xxx/CVE-2016-2276.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2276",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2276",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

32
2016/2xxx/CVE-2016-2713.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2713",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2713",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

32
2017/0xxx/CVE-2017-0961.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0961",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0961",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2017/18xxx/CVE-2017-18224.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f"
},
{
"name" : "https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f"
},
{
"name" : "DSA-4188",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4188"
},
{
"name" : "103353",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103353"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f"
},
{
"name": "https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f"
},
{
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "103353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103353"
}
]
}
}

356
2017/1xxx/CVE-2017-1493.json
View File

@ -1,181 +1,181 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-01-04T00:00:00",
"ID" : "CVE-2017-1493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "UrbanCode Deploy",
"version" : {
"version_data" : [
{
"version_value" : "6.1.0.2"
},
{
"version_value" : "6.1"
},
{
"version_value" : "6.1.0.1"
},
{
"version_value" : "6.1.0.3"
},
{
"version_value" : "6.1.0.4"
},
{
"version_value" : "6.1.1"
},
{
"version_value" : "6.1.1.1"
},
{
"version_value" : "6.1.1.2"
},
{
"version_value" : "6.1.1.3"
},
{
"version_value" : "6.1.1.4"
},
{
"version_value" : "6.1.1.5"
},
{
"version_value" : "6.1.1.6"
},
{
"version_value" : "6.1.1.7"
},
{
"version_value" : "6.1.2"
},
{
"version_value" : "6.1.1.8"
},
{
"version_value" : "6.1.3"
},
{
"version_value" : "6.1.3.1"
},
{
"version_value" : "6.2"
},
{
"version_value" : "6.2.0.1"
},
{
"version_value" : "6.1.3.2"
},
{
"version_value" : "6.2.0.2"
},
{
"version_value" : "6.2.1"
},
{
"version_value" : "6.2.1.1"
},
{
"version_value" : "6.1.3.3"
},
{
"version_value" : "6.2.1.2"
},
{
"version_value" : "6.2.2"
},
{
"version_value" : "6.2.2.1"
},
{
"version_value" : "6.2.3.0"
},
{
"version_value" : "6.2.3.1"
},
{
"version_value" : "6.1.3.4"
},
{
"version_value" : "6.1.3.5"
},
{
"version_value" : "6.2.4"
},
{
"version_value" : "6.1.3.6"
},
{
"version_value" : "6.2.4.1"
},
{
"version_value" : "6.2.4.2"
},
{
"version_value" : "6.2.5"
},
{
"version_value" : "6.2.5.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-04T00:00:00",
"ID": "CVE-2017-1493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.2.1"
},
{
"version_value": "6.2.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.1.3.4"
},
{
"version_value": "6.1.3.5"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.1.3.6"
},
{
"version_value": "6.2.4.1"
},
{
"version_value": "6.2.4.2"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.5.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000367",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000367"
},
{
"name" : "102483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102483"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691"
},
{
"name": "102483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102483"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000367",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000367"
}
]
}
}

186
2017/1xxx/CVE-2017-1575.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-07-17T00:00:00",
"ID" : "CVE-2017-1575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling File Gateway",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0"
},
{
"version_value" : "2.2.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.100",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-07-17T00:00:00",
"ID": "CVE-2017-1575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling File Gateway",
"version": {
"version_data": [
{
"version_value": "2.2.0"
},
{
"version_value": "2.2.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716997",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716997"
},
{
"name" : "104885",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104885"
},
{
"name" : "ibm-sterling-cve20171575-info-disc(132032)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132032"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "5.100",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104885"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10716997",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10716997"
},
{
"name": "ibm-sterling-cve20171575-info-disc(132032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132032"
}
]
}
}

32
2017/1xxx/CVE-2017-1614.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1614",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1614",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/1xxx/CVE-2017-1890.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1890",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1890",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

118
2017/5xxx/CVE-2017-5247.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@rapid7.com",
"ID" : "CVE-2017-5247",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Biscom Secure File Transfer",
"version" : {
"version_data" : [
{
"version_value" : "5.1.1026 and prior"
}
]
}
}
]
},
"vendor_name" : "Biscom"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticated user who views the attacker-supplied file name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Biscom Secure File Transfer",
"version": {
"version_data": [
{
"version_value": "5.1.1026 and prior"
}
]
}
}
]
},
"vendor_name": "Biscom"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://twitter.com/i_bo0om/status/885050741567750145",
"refsource" : "MISC",
"url" : "https://twitter.com/i_bo0om/status/885050741567750145"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticated user who views the attacker-supplied file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/i_bo0om/status/885050741567750145",
"refsource": "MISC",
"url": "https://twitter.com/i_bo0om/status/885050741567750145"
}
]
}
}

128
2017/5xxx/CVE-2017-5481.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://success.trendmicro.com/solution/1117204",
"refsource" : "CONFIRM",
"url" : "https://success.trendmicro.com/solution/1117204"
},
{
"name" : "98007",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98007"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98007"
},
{
"name": "https://success.trendmicro.com/solution/1117204",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1117204"
}
]
}
}

128
2017/5xxx/CVE-2017-5619.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5619",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zammad.com/de/news/security-advisory-zaa-2017-01",
"refsource" : "CONFIRM",
"url" : "https://zammad.com/de/news/security-advisory-zaa-2017-01"
},
{
"name" : "96937",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96937"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96937"
},
{
"name": "https://zammad.com/de/news/security-advisory-zaa-2017-01",
"refsource": "CONFIRM",
"url": "https://zammad.com/de/news/security-advisory-zaa-2017-01"
}
]
}
}