admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:51:13 +00:00
parent ade6e5a5f9
commit 3c4e608ba4
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 3824 additions and 3824 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2001/0xxx/CVE-2001-0001.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0001", "ID": "CVE-2001-0001",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010213 RFP2101: RFPlutonium to fuel your PHP-Nuke", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0257.html" "lang": "eng",
}, "value": "cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie."
{ }
"name" : "php-nuke-elevate-privileges(6183)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6183" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "php-nuke-elevate-privileges(6183)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6183"
},
{
"name": "20010213 RFP2101: RFPlutonium to fuel your PHP-Nuke",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0257.html"
}
]
}
}

150
2001/0xxx/CVE-2001-0231.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0231", "ID": "CVE-2001-0231",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the \"t\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010103 News Desk 1.2 CGI Vulnerbility", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0042.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the \"t\" parameter."
{ }
"name" : "VU#496064", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/496064" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2172", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2172" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "newsdesk-cgi-read-files(5898)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5898" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20010103 News Desk 1.2 CGI Vulnerbility",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0042.html"
},
{
"name": "newsdesk-cgi-read-files(5898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5898"
},
{
"name": "VU#496064",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/496064"
},
{
"name": "2172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2172"
}
]
}
}

140
2001/0xxx/CVE-2001-0243.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0243", "ID": "CVE-2001-0243",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS01-029", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-029" "lang": "eng",
}, "value": "Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files."
{ }
"name" : "mediaplayer-html-shortcut(6584)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6584" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2765", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2765" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS01-029",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-029"
},
{
"name": "mediaplayer-html-shortcut(6584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6584"
},
{
"name": "2765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2765"
}
]
}
}

130
2001/0xxx/CVE-2001-0809.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0809", "ID": "CVE-2001-0809",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBUX0106-155", "description_data": [
"refsource" : "HP", {
"url" : "http://archives.neohapsis.com/archives/hp/2001-q2/0074.html" "lang": "eng",
}, "value": "Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources."
{ }
"name" : "oval:org.mitre.oval:def:5673", ]
"refsource" : "OVAL", },
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5673" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX0106-155",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2001-q2/0074.html"
},
{
"name": "oval:org.mitre.oval:def:5673",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5673"
}
]
}
}

140
2001/1xxx/CVE-2001-1222.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1222", "ID": "CVE-2001-1222",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011221 twlc advisory: plesk (psa) allows reading of .php files", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/246861" "lang": "eng",
}, "value": "Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain."
{ }
"name" : "3737", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3737" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "psa-php-reveal-source(7735)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7735.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20011221 twlc advisory: plesk (psa) allows reading of .php files",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/246861"
},
{
"name": "3737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3737"
},
{
"name": "psa-php-reveal-source(7735)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7735.php"
}
]
}
}

140
2001/1xxx/CVE-2001-1461.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1461", "ID": "CVE-2001-1461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \\.. sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#348040", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/348040" "lang": "eng",
}, "value": "Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \\.. sequences."
{ }
"name" : "3461", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3461" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "securid-webid-unicode-traversal(7397)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7397" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#348040",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/348040"
},
{
"name": "securid-webid-unicode-traversal(7397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7397"
},
{
"name": "3461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3461"
}
]
}
}

150
2001/1xxx/CVE-2001-1481.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1481", "ID": "CVE-2001-1481",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011126 Xitami Webserver stores admin password in clear text.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/242375" "lang": "eng",
}, "value": "Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges."
{ }
"name" : "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html", ]
"refsource" : "MISC", },
"url" : "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3582", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3582" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "xitami-default-password-plaintext(7600)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7600" ]
} },
] "references": {
} "reference_data": [
} {
"name": "3582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3582"
},
{
"name": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html",
"refsource": "MISC",
"url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html"
},
{
"name": "20011126 Xitami Webserver stores admin password in clear text.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/242375"
},
{
"name": "xitami-default-password-plaintext(7600)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7600"
}
]
}
}

180
2006/2xxx/CVE-2006-2185.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2185", "ID": "CVE-2006-2185",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?2973698.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?2973698.htm" "lang": "eng",
}, "value": "PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges."
{ }
"name" : "18017", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18017" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1829", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1829" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25780", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/25780" ]
}, },
{ "references": {
"name" : "1016106", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016106" "name": "20288",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20288"
"name" : "20288", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20288" "name": "25780",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/25780"
"name" : "netware-portal-information-disclosure(26488)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26488" "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2973698.htm",
} "refsource": "CONFIRM",
] "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2973698.htm"
} },
} {
"name": "1016106",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016106"
},
{
"name": "ADV-2006-1829",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1829"
},
{
"name": "18017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18017"
},
{
"name": "netware-portal-information-disclosure(26488)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26488"
}
]
}
}

210
2006/2xxx/CVE-2006-2304.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2304", "ID": "CVE-2006-2304",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060515 Novell NDPS Remote Vulnerability (Server & Client)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/434017/100/0/threaded" "lang": "eng",
}, "value": "Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow."
{ }
"name" : "20060515 Novell NDPS Remote Vulnerability (Server & Client)", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046048.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.hustlelabs.com/novell_ndps_advisory.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.hustlelabs.com/novell_ndps_advisory.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973719.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973719.htm" ]
}, },
{ "references": {
"name" : "17931", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17931" "name": "1016052",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016052"
"name" : "ADV-2006-1759", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1759" "name": "20048",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20048"
"name" : "25429", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25429" "name": "ADV-2006-1759",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1759"
"name" : "1016052", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016052" "name": "http://www.hustlelabs.com/novell_ndps_advisory.pdf",
}, "refsource": "MISC",
{ "url": "http://www.hustlelabs.com/novell_ndps_advisory.pdf"
"name" : "20048", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20048" "name": "20060515 Novell NDPS Remote Vulnerability (Server & Client)",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046048.html"
"name" : "novell-ndps-overflow(26314)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26314" "name": "novell-ndps-overflow(26314)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26314"
} },
} {
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973719.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973719.htm"
},
{
"name": "17931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17931"
},
{
"name": "20060515 Novell NDPS Remote Vulnerability (Server & Client)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434017/100/0/threaded"
},
{
"name": "25429",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25429"
}
]
}
}

190
2006/2xxx/CVE-2006-2440.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2440", "ID": "CVE-2006-2440",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595" "lang": "eng",
}, "value": "Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function."
{ }
"name" : "DSA-1168", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2006/dsa-1168" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2007:0015", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0015.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20070201-01-P", ]
"refsource" : "SGI", }
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:9481", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481" "name": "oval:org.mitre.oval:def:9481",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481"
"name" : "21719", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21719" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595"
"name" : "24186", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24186" "name": "DSA-1168",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1168"
"name" : "24284", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24284" "name": "24284",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/24284"
} },
} {
"name": "21719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21719"
},
{
"name": "RHSA-2007:0015",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0015.html"
},
{
"name": "24186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24186"
},
{
"name": "20070201-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
}
]
}
}

34
2006/6xxx/CVE-2006-6491.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2006-6491", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2006-6491",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2006. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2006. Notes: none."
} }
] ]
} }
} }

140
2006/6xxx/CVE-2006-6659.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6659", "ID": "CVE-2006-6659",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://shinnai.altervista.org/viewtopic.php?id=41&t_id=8", "description_data": [
"refsource" : "MISC", {
"url" : "http://shinnai.altervista.org/viewtopic.php?id=41&t_id=8" "lang": "eng",
}, "value": "The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML."
{ }
"name" : "21649", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21649" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1017397", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017397" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "21649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21649"
},
{
"name": "http://shinnai.altervista.org/viewtopic.php?id=41&t_id=8",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/viewtopic.php?id=41&t_id=8"
},
{
"name": "1017397",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017397"
}
]
}
}

140
2006/6xxx/CVE-2006-6721.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6721", "ID": "CVE-2006-6721",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/21637.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/21637.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter."
{ }
"name" : "21637", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21637" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23526", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23526" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/21637.html",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/21637.html"
},
{
"name": "23526",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23526"
},
{
"name": "21637",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21637"
}
]
}
}

120
2006/6xxx/CVE-2006-6725.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6725", "ID": "CVE-2006-6725",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2006-5125", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/5125" "lang": "eng",
} "value": "Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5125",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5125"
}
]
}
}

170
2006/6xxx/CVE-2006-6779.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6779", "ID": "CVE-2006-6779",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061224 XSS with Vbulletin (new idea !)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/455265/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript."
{ }
"name" : "20061227 Re: XSS with Vbulletin (new idea !)", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/455351/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20061228 Re: XSS with Vbulletin (new idea !)", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/455414/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21736", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/21736" ]
}, },
{ "references": {
"name" : "2084", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2084" "name": "20061224 XSS with Vbulletin (new idea !)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/455265/100/0/threaded"
"name" : "vbulletin-actionscript-xss(31119)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31119" "name": "21736",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/21736"
} },
} {
"name": "20061227 Re: XSS with Vbulletin (new idea !)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455351/100/0/threaded"
},
{
"name": "2084",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2084"
},
{
"name": "20061228 Re: XSS with Vbulletin (new idea !)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455414/100/0/threaded"
},
{
"name": "vbulletin-actionscript-xss(31119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31119"
}
]
}
}

190
2011/0xxx/CVE-2011-0021.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-0021", "ID": "CVE-2011-0021",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110119 CVE request: heap corruption in VLC media player", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/01/19/6" "lang": "eng",
}, "value": "Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video."
{ }
"name" : "[oss-security] 20110120 Re: CVE request: heap corruption in VLC media player", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/01/20/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2", "description": [
"refsource" : "CONFIRM", {
"url" : "http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab", ]
"refsource" : "CONFIRM", }
"url" : "http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab" ]
}, },
{ "references": {
"name" : "45927", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45927" "name": "vlcmediaplayer-cdg-code-execution(64879)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64879"
"name" : "oval:org.mitre.oval:def:12460", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12460" "name": "oval:org.mitre.oval:def:12460",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12460"
"name" : "ADV-2011-0185", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0185" "name": "ADV-2011-0185",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0185"
"name" : "vlcmediaplayer-cdg-code-execution(64879)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64879" "name": "[oss-security] 20110120 Re: CVE request: heap corruption in VLC media player",
} "refsource": "MLIST",
] "url": "http://openwall.com/lists/oss-security/2011/01/20/3"
} },
} {
"name": "[oss-security] 20110119 CVE request: heap corruption in VLC media player",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/19/6"
},
{
"name": "45927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45927"
},
{
"name": "http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2",
"refsource": "CONFIRM",
"url": "http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2"
},
{
"name": "http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab"
}
]
}
}

34
2011/0xxx/CVE-2011-0964.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0964", "ID": "CVE-2011-0964",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2011/2xxx/CVE-2011-2121.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-2121", "ID": "CVE-2011-2121",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html" "lang": "eng",
}, "value": "Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors."
{ }
"name" : "TA11-166A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "73034", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/73034" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-17.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-17.html"
},
{
"name": "TA11-166A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html"
},
{
"name": "73034",
"refsource": "OSVDB",
"url": "http://osvdb.org/73034"
}
]
}
}

130
2011/2xxx/CVE-2011-2238.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-2238", "ID": "CVE-2011-2238",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL."
{ }
"name" : "TA11-201A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
}
]
}
}

280
2011/2xxx/CVE-2011-2365.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2365", "ID": "CVE-2011-2365",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-19.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-19.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=655742", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=655742" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/css/P8/documents/100144854", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100144854" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/css/P8/documents/100145333", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/css/P8/documents/100145333" ]
}, },
{ "references": {
"name" : "DSA-2268", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2268" "name": "MDVSA-2011:111",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111"
"name" : "DSA-2269", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2269" "name": "45002",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45002"
"name" : "DSA-2273", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2273" "name": "http://support.avaya.com/css/P8/documents/100145333",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100145333"
"name" : "MDVSA-2011:111", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111" "name": "USN-1149-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1149-1"
"name" : "RHSA-2011:0885", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0885.html" "name": "http://support.avaya.com/css/P8/documents/100144854",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100144854"
"name" : "RHSA-2011:0886", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0886.html" "name": "RHSA-2011:0887",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0887.html"
"name" : "RHSA-2011:0887", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0887.html" "name": "RHSA-2011:0885",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0885.html"
"name" : "RHSA-2011:0888", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0888.html" "name": "DSA-2268",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2268"
"name" : "SUSE-SA:2011:028", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" "name": "RHSA-2011:0888",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0888.html"
"name" : "USN-1149-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1149-1" "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-19.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-19.html"
"name" : "48368", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48368" "name": "DSA-2269",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2269"
"name" : "oval:org.mitre.oval:def:14184", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14184" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=655742",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=655742"
"name" : "45002", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45002" "name": "SUSE-SA:2011:028",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html"
} },
} {
"name": "48368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48368"
},
{
"name": "oval:org.mitre.oval:def:14184",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14184"
},
{
"name": "RHSA-2011:0886",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0886.html"
},
{
"name": "DSA-2273",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2273"
}
]
}
}

210
2011/2xxx/CVE-2011-2472.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2472", "ID": "CVE-2011-2472",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110503 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/05/03/1" "lang": "eng",
}, "value": "Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760."
{ }
"name" : "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/05/10/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/05/10/7" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", ]
"refsource" : "MLIST", }
"url" : "http://openwall.com/lists/oss-security/2011/05/11/1" ]
}, },
{ "references": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212" "name": "[oss-security] 20110503 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/05/03/1"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=700883", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=700883" "name": "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/05/10/7"
"name" : "DSA-2254", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2254" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=700883",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700883"
"name" : "USN-1166-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1166-1" "name": "[oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/05/11/1"
"name" : "45205", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45205" "name": "45205",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45205"
"name" : "oprofile-opcontrol-dir-traversal(67979)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67979" "name": "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo",
} "refsource": "MLIST",
] "url": "http://openwall.com/lists/oss-security/2011/05/10/6"
} },
} {
"name": "USN-1166-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1166-1"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212"
},
{
"name": "DSA-2254",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2254"
},
{
"name": "oprofile-opcontrol-dir-traversal(67979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67979"
}
]
}
}

240
2011/2xxx/CVE-2011-2821.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-2821", "ID": "CVE-2011-2821",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=89402", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=89402" "lang": "eng",
}, "value": "Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5281", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5281" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5503", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5503" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-05-09-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" "name": "MDVSA-2011:145",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:145"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "HPSBMU02786",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
"name" : "DSA-2394", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2394" "name": "APPLE-SA-2012-09-19-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
"name" : "HPSBMU02786", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" "name": "http://support.apple.com/kb/HT5503",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5503"
"name" : "SSRT100877", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" "name": "RHSA-2013:0217",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html"
"name" : "MDVSA-2011:145", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:145" "name": "RHSA-2011:1749",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-1749.html"
"name" : "RHSA-2011:1749", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1749.html" "name": "oval:org.mitre.oval:def:13840",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13840"
"name" : "RHSA-2013:0217", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0217.html" "name": "http://code.google.com/p/chromium/issues/detail?id=89402",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=89402"
"name" : "oval:org.mitre.oval:def:13840", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13840" "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html",
} "refsource": "CONFIRM",
] "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html"
} },
} {
"name": "SSRT100877",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "DSA-2394",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2394"
}
]
}
}

200
2011/2xxx/CVE-2011-2928.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-2928", "ID": "CVE-2011-2928",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110819 [PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/519387/100/0/threaded" "lang": "eng",
}, "value": "The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem."
{ }
"name" : "[oss-security] 20110819 CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2011/08/19/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110819 Re: CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/08/19/5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt", ]
"refsource" : "MISC", }
"url" : "http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt" ]
}, },
{ "references": {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338d0f0a6fbc82407864606f5b64b75aeb3c70f2", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338d0f0a6fbc82407864606f5b64b75aeb3c70f2" "name": "[oss-security] 20110819 Re: CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/08/19/5"
"name" : "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.1-rc3", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.1-rc3" "name": "http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt",
}, "refsource": "MISC",
{ "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt"
"name" : "49256", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49256" "name": "49256",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/49256"
"name" : "8360", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8360" "name": "[oss-security] 20110819 CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/08/19/1"
"name" : "linux-kernel-be-dos(69343)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69343" "name": "20110819 [PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/519387/100/0/threaded"
} },
} {
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338d0f0a6fbc82407864606f5b64b75aeb3c70f2",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338d0f0a6fbc82407864606f5b64b75aeb3c70f2"
},
{
"name": "linux-kernel-be-dos(69343)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69343"
},
{
"name": "8360",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8360"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.1-rc3",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.1-rc3"
}
]
}
}

130
2011/3xxx/CVE-2011-3448.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2011-3448", "ID": "CVE-2011-3448",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5130", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5130" "lang": "eng",
}, "value": "Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding."
{ }
"name" : "APPLE-SA-2012-02-01-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
}
]
}
}

150
2011/3xxx/CVE-2011-3532.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-3532", "ID": "CVE-2011-3532",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0.2, 6.0.0.3, and 6.0.0.4 allows remote attackers to affect confidentiality via unknown vectors related to Supplier Portal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0.2, 6.0.0.3, and 6.0.0.4 allows remote attackers to affect confidentiality via unknown vectors related to Supplier Portal."
{ }
"name" : "50227", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/50227" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1026205", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026205" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oscps-apscp-sport-unspecified(70805)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70805" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1026205",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026205"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html"
},
{
"name": "oscps-apscp-sport-unspecified(70805)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70805"
},
{
"name": "50227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50227"
}
]
}
}

34
2011/3xxx/CVE-2011-3596.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3596", "ID": "CVE-2011-3596",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2011/3xxx/CVE-2011-3717.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3717", "ID": "CVE-2011-3717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/clipbucket_2.0.9_stable_Fr", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/clipbucket_2.0.9_stable_Fr" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/clipbucket_2.0.9_stable_Fr",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/clipbucket_2.0.9_stable_Fr"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

140
2011/3xxx/CVE-2011-3815.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3815", "ID": "CVE-2011-3815",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WeBid-1.0.0", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WeBid-1.0.0" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WeBid-1.0.0",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WeBid-1.0.0"
}
]
}
}

140
2011/4xxx/CVE-2011-4034.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2011-4034", "ID": "CVE-2011-4034",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf" "lang": "eng",
}, "value": "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
{ }
"name" : "http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695", ]
"refsource" : "CONFIRM", },
"url" : "http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page",
"refsource": "CONFIRM",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"name": "http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695",
"refsource": "CONFIRM",
"url": "http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695"
}
]
}
}

34
2011/4xxx/CVE-2011-4641.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4641", "ID": "CVE-2011-4641",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2011/4xxx/CVE-2011-4711.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4711", "ID": "CVE-2011-4711",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) result parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.namazu.org/security.html#", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.namazu.org/security.html#" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) result parameter."
{ }
"name" : "namazu-namazu-directory-traversal(71489)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71489" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.namazu.org/security.html#",
"refsource": "CONFIRM",
"url": "http://www.namazu.org/security.html#"
},
{
"name": "namazu-namazu-directory-traversal(71489)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71489"
}
]
}
}

120
2011/4xxx/CVE-2011-4771.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4771", "ID": "CVE-2011-4771",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4771-vulnerability-in-ScanToPDF.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4771-vulnerability-in-ScanToPDF.html" "lang": "eng",
} "value": "The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4771-vulnerability-in-ScanToPDF.html",
"refsource": "MISC",
"url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4771-vulnerability-in-ScanToPDF.html"
}
]
}
}

270
2013/0xxx/CVE-2013-0787.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2013-0787", "ID": "CVE-2013-0787",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", "description_data": [
"refsource" : "MISC", {
"url" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" "lang": "eng",
}, "value": "Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call."
{ }
"name" : "http://twitter.com/VUPEN/statuses/309505403631325184", ]
"refsource" : "MISC", },
"url" : "http://twitter.com/VUPEN/statuses/309505403631325184" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://twitter.com/thezdi/statuses/309484730506698752", "description": [
"refsource" : "MISC", {
"url" : "http://twitter.com/thezdi/statuses/309484730506698752" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-29.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-29.html" ]
}, },
{ "references": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=848644", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=848644" "name": "USN-1758-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1758-1"
"name" : "DSA-2699", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2699" "name": "DSA-2699",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2699"
"name" : "RHSA-2013:0614", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0614.html" "name": "http://twitter.com/VUPEN/statuses/309505403631325184",
}, "refsource": "MISC",
{ "url": "http://twitter.com/VUPEN/statuses/309505403631325184"
"name" : "RHSA-2013:0627", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0627.html" "name": "oval:org.mitre.oval:def:16737",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737"
"name" : "openSUSE-SU-2013:0431", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html" "name": "http://twitter.com/thezdi/statuses/309484730506698752",
}, "refsource": "MISC",
{ "url": "http://twitter.com/thezdi/statuses/309484730506698752"
"name" : "SUSE-SU-2013:0470", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html" "name": "58391",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/58391"
"name" : "openSUSE-SU-2013:0465", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=848644",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=848644"
"name" : "openSUSE-SU-2013:0467", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html" "name": "RHSA-2013:0614",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0614.html"
"name" : "openSUSE-SU-2013:0468", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html" "name": "openSUSE-SU-2013:0468",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html"
"name" : "USN-1758-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1758-1" "name": "openSUSE-SU-2013:0465",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html"
"name" : "58391", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/58391" "name": "openSUSE-SU-2013:0467",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html"
"name" : "oval:org.mitre.oval:def:16737", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737" "name": "openSUSE-SU-2013:0431",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html"
} },
} {
"name": "SUSE-SU-2013:0470",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-29.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-29.html"
},
{
"name": "RHSA-2013:0627",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0627.html"
},
{
"name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157",
"refsource": "MISC",
"url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157"
}
]
}
}

140
2013/1xxx/CVE-2013-1273.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-1273", "ID": "CVE-2013-1273",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-016", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016" "lang": "eng",
}, "value": "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016."
{ }
"name" : "TA13-043B", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16490", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16490" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS13-016",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016"
},
{
"name": "oval:org.mitre.oval:def:16490",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16490"
},
{
"name": "TA13-043B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html"
}
]
}
}

180
2013/1xxx/CVE-2013-1807.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1807", "ID": "CVE-2013-1807",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Feb/154" "lang": "eng",
}, "value": "PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/."
{ }
"name" : "[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/03/03/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/03/03/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html" ]
}, },
{ "references": {
"name" : "http://www.waraxe.us/advisory-97.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.waraxe.us/advisory-97.html" "name": "http://www.waraxe.us/advisory-97.html",
}, "refsource": "MISC",
{ "url": "http://www.waraxe.us/advisory-97.html"
"name" : "http://www.php-fusion.co.uk/news.php?readmore=569", },
"refsource" : "CONFIRM", {
"url" : "http://www.php-fusion.co.uk/news.php?readmore=569" "name": "[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/03/03/2"
"name" : "90691", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/90691" "name": "[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2013/03/03/1"
} },
} {
"name": "90691",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/90691"
},
{
"name": "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html"
},
{
"name": "http://www.php-fusion.co.uk/news.php?readmore=569",
"refsource": "CONFIRM",
"url": "http://www.php-fusion.co.uk/news.php?readmore=569"
},
{
"name": "20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Feb/154"
}
]
}
}

180
2013/1xxx/CVE-2013-1812.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1812", "ID": "CVE-2013-1812",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130302 Re: CVE request: ruby-openid XML denial of service attack", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/03/03/8" "lang": "eng",
}, "value": "The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=918134", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=918134" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/openid/ruby-openid/blob/master/CHANGELOG.md", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/openid/ruby-openid/blob/master/CHANGELOG.md" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed" ]
}, },
{ "references": {
"name" : "https://github.com/openid/ruby-openid/pull/43", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/openid/ruby-openid/pull/43" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=918134",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=918134"
"name" : "FEDORA-2013-20238", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120361.html" "name": "https://github.com/openid/ruby-openid/blob/master/CHANGELOG.md",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/openid/ruby-openid/blob/master/CHANGELOG.md"
"name" : "FEDORA-2013-20260", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html" "name": "FEDORA-2013-20238",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120361.html"
} },
} {
"name": "https://github.com/openid/ruby-openid/pull/43",
"refsource": "CONFIRM",
"url": "https://github.com/openid/ruby-openid/pull/43"
},
{
"name": "https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed",
"refsource": "CONFIRM",
"url": "https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed"
},
{
"name": "FEDORA-2013-20260",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html"
},
{
"name": "[oss-security] 20130302 Re: CVE request: ruby-openid XML denial of service attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/8"
}
]
}
}

120
2013/5xxx/CVE-2013-5182.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-5182", "ID": "CVE-2013-5182",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2013-10-22-3", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" "lang": "eng",
} "value": "Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
}
]
}
}

120
2013/5xxx/CVE-2013-5690.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5690", "ID": "CVE-2013-5690",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130930 Open-Xchange Security Advisory 2013-09-30", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/528940" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130930 Open-Xchange Security Advisory 2013-09-30",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/528940"
}
]
}
}

120
2013/5xxx/CVE-2013-5779.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-5779", "ID": "CVE-2013-5779",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via vectors related to PIA Core Technology."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" "lang": "eng",
} "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via vectors related to PIA Core Technology."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
]
}
}

120
2014/2xxx/CVE-2014-2171.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-2171", "ID": "CVE-2014-2171",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud81796."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" "lang": "eng",
} "value": "Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud81796."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte"
}
]
}
}

120
2014/2xxx/CVE-2014-2675.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2675", "ID": "CVE-2014-2675",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/", "description_data": [
"refsource" : "MISC", {
"url" : "https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/" "lang": "eng",
} "value": "Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/",
"refsource": "MISC",
"url": "https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/"
}
]
}
}

120
2014/6xxx/CVE-2014-6329.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-6329", "ID": "CVE-2014-6329",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-6327 and CVE-2014-6376."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS14-080", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080" "lang": "eng",
} "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-6327 and CVE-2014-6376."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-080",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
}
]
}
}

140
2014/6xxx/CVE-2014-6765.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6765", "ID": "CVE-2014-6765",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The No Fuss Home Loans (aka com.soln.SA2CAA74BBC3AFEFE7C8BE3F3AAC499E7) application 1.0035.b0035 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The No Fuss Home Loans (aka com.soln.SA2CAA74BBC3AFEFE7C8BE3F3AAC499E7) application 1.0035.b0035 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#494937", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/494937" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#494937",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/494937"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6986.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6986", "ID": "CVE-2014-6986",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Pregnancy Tips (aka com.rareartifact.tipsforpregnant71C80129) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Pregnancy Tips (aka com.rareartifact.tipsforpregnant71C80129) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#504969", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/504969" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#504969",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/504969"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2017/0xxx/CVE-2017-0053.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0053", "ID": "CVE-2017-0053",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Office", "product_name": "Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer" "version_value": "Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053" "lang": "eng",
}, "value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052."
{ }
"name" : "96745", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96745" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038010", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038010" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038010"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
},
{
"name": "96745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96745"
}
]
}
}

150
2017/0xxx/CVE-2017-0118.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0118", "ID": "CVE-2017-0118",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows Uniscribe", "product_name": "Windows Uniscribe",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016" "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41655", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41655/" "lang": "eng",
}, "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96680", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96680" "lang": "eng",
}, "value": "Information Disclosure"
{ }
"name" : "1037992", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037992" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118"
},
{
"name": "96680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96680"
},
{
"name": "1037992",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037992"
},
{
"name": "41655",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41655/"
}
]
}
}

140
2017/0xxx/CVE-2017-0338.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@nvidia.com", "ASSIGNER": "psirt@nvidia.com",
"ID" : "CVE-2017-0338", "ID": "CVE-2017-0338",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nvidia Corporation" "vendor_name": "Nvidia Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33057977. References: N-CVE-2017-0338."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-03-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-03-01.html" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33057977. References: N-CVE-2017-0338."
{ }
"name" : "96723", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96723" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037968", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037968" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96723"
},
{
"name": "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01.html"
}
]
}
}

34
2017/0xxx/CVE-2017-0743.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-0743", "ID": "CVE-2017-0743",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/0xxx/CVE-2017-0951.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-0951", "ID": "CVE-2017-0951",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

134
2017/1000xxx/CVE-2017-1000470.json
View File

@ -1,69 +1,69 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-12-29", "DATE_ASSIGNED": "2017-12-29",
"ID" : "CVE-2017-1000470", "ID": "CVE-2017-1000470",
"REQUESTER" : "rwightman@dragos.com", "REQUESTER": "rwightman@dragos.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "GoAhead Webserver", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.0.0" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Embed This, Inc" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/embedthis/goahead/commit/adeb4abc6c998c19524e09fde20c02b4a26765a3", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/embedthis/goahead/commit/adeb4abc6c998c19524e09fde20c02b4a26765a3" "lang": "eng",
}, "value": "EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service."
{ }
"name" : "https://github.com/embedthis/goahead/pull/258", ]
"refsource" : "MISC", },
"url" : "https://github.com/embedthis/goahead/pull/258" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/goahead/pull/258",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/pull/258"
},
{
"name": "https://github.com/embedthis/goahead/commit/adeb4abc6c998c19524e09fde20c02b4a26765a3",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/commit/adeb4abc6c998c19524e09fde20c02b4a26765a3"
}
]
}
}

122
2017/16xxx/CVE-2017-16072.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16072", "ID": "CVE-2017-16072",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "nodemailer.js node module", "product_name": "nodemailer.js node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Embedded Malicious Code (CWE-506)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nodesecurity.io/advisories/511", "description_data": [
"refsource" : "MISC", {
"url" : "https://nodesecurity.io/advisories/511" "lang": "eng",
} "value": "nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Embedded Malicious Code (CWE-506)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/511",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/511"
}
]
}
}

34
2017/16xxx/CVE-2017-16308.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16308", "ID": "CVE-2017-16308",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/16xxx/CVE-2017-16978.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16978", "ID": "CVE-2017-16978",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/1xxx/CVE-2017-1057.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1057", "ID": "CVE-2017-1057",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

246
2017/1xxx/CVE-2017-1102.json
View File

@ -1,125 +1,125 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2017-1102", "ID": "CVE-2017-1102",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Quality Manager", "product_name": "Rational Quality Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.0" "version_value": "4.0"
}, },
{ {
"version_value" : "4.0.1" "version_value": "4.0.1"
}, },
{ {
"version_value" : "4.0.3" "version_value": "4.0.3"
}, },
{ {
"version_value" : "4.0.0.1" "version_value": "4.0.0.1"
}, },
{ {
"version_value" : "4.0.0.2" "version_value": "4.0.0.2"
}, },
{ {
"version_value" : "4.0.2" "version_value": "4.0.2"
}, },
{ {
"version_value" : "4.0.4" "version_value": "4.0.4"
}, },
{ {
"version_value" : "4.0.5" "version_value": "4.0.5"
}, },
{ {
"version_value" : "4.0.6" "version_value": "4.0.6"
}, },
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "4.0.7" "version_value": "4.0.7"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120663", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120663" "lang": "eng",
}, "value": "IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004428", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004428" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99008", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99008" "lang": "eng",
}, "value": "Cross-Site Scripting"
{ }
"name" : "1038698", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038698" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120663",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120663"
},
{
"name": "1038698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038698"
},
{
"name": "99008",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99008"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004428",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004428"
}
]
}
}

34
2017/1xxx/CVE-2017-1416.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1416", "ID": "CVE-2017-1416",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4174.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4174", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4174",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4398.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4398", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4398",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4559.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4559", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4559",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4701.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4701", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4701",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }