admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:33:05 +00:00
parent c06bdf3341
commit 3cda8304ca
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3998 additions and 3998 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2006/2xxx/CVE-2006-2055.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2055",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2055",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API."
"lang": "eng",
"value": "Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432009/100/0/threaded"
"name": "ADV-2006-1538",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1538"
},
{
"name" : "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html",
"refsource" : "MISC",
"url" : "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html"
"name": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html",
"refsource": "MISC",
"url": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html"
},
{
"name" : "ADV-2006-1538",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1538"
"name": "20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432009/100/0/threaded"
},
{
"name" : "25003",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25003"
"name": "office-mailto-obtain-information(26118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26118"
},
{
"name" : "19819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19819"
"name": "19819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19819"
},
{
"name" : "office-mailto-obtain-information(26118)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26118"
"name": "25003",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25003"
}
]
}

92
2006/2xxx/CVE-2006-2515.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2515",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2515",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060520 Hiox Guestbook 3.1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434686/100/0/threaded"
"name": "20060520 Hiox Guestbook 3.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434686/100/0/threaded"
},
{
"name" : "ADV-2006-1929",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1929"
"name": "hioxguestbook-added-xss(26620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26620"
},
{
"name" : "25712",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25712"
"name": "ADV-2006-1929",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1929"
},
{
"name" : "20252",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20252"
"name": "25712",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25712"
},
{
"name" : "938",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/938"
"name": "938",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/938"
},
{
"name" : "hioxguestbook-added-xss(26620)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26620"
"name": "20252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20252"
}
]
}

134
2006/2xxx/CVE-2006-2563.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2563",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2563",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters."
"lang": "eng",
"value": "The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060526 cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4",
"refsource" : "SREASONRES",
"url" : "http://securityreason.com/achievement_securityalert/39"
"name": "21847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21847"
},
{
"name" : "MDKSA-2006:122",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
"name": "20337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20337"
},
{
"name" : "SUSE-SR:2006:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
"name": "18116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18116"
},
{
"name" : "SUSE-SA:2006:052",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_52_php.html"
"name": "22039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22039"
},
{
"name" : "18116",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18116"
"name": "21050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21050"
},
{
"name" : "ADV-2006-2055",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2055"
"name": "959",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/959"
},
{
"name" : "1016175",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016175"
"name": "20060526 cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/39"
},
{
"name" : "20337",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20337"
"name": "MDKSA-2006:122",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
},
{
"name" : "21050",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21050"
"name": "php-curl-safemode-bypass(26764)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26764"
},
{
"name" : "21847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21847"
"name": "SUSE-SR:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
},
{
"name" : "22039",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22039"
"name": "1016175",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016175"
},
{
"name" : "959",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/959"
"name": "ADV-2006-2055",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2055"
},
{
"name" : "php-curl-safemode-bypass(26764)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26764"
"name": "SUSE-SA:2006:052",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_52_php.html"
}
]
}

98
2006/2xxx/CVE-2006-2663.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2663",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2663",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060524 iFlance v1.1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435036/100/0/threaded"
"name": "984",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/984"
},
{
"name" : "ADV-2006-1988",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1988"
"name": "iflance-multiple-scripts-xss(26696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26696"
},
{
"name" : "26043",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26043"
"name": "26044",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26044"
},
{
"name" : "26044",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26044"
"name": "ADV-2006-1988",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1988"
},
{
"name" : "20282",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20282"
"name": "20060524 iFlance v1.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435036/100/0/threaded"
},
{
"name" : "984",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/984"
"name": "20282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20282"
},
{
"name" : "iflance-multiple-scripts-xss(26696)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26696"
"name": "26043",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26043"
}
]
}

104
2006/3xxx/CVE-2006-3531.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3531",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3531",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters."
"lang": "eng",
"value": "includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060707 Pivot <=1.30rc2 privilege escalation / remote commands execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439495/100/0/threaded"
"name": "20060707 Pivot <=1.30rc2 privilege escalation / remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439495/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/pivot_130RC2_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/pivot_130RC2_xpl.html"
"name": "http://retrogod.altervista.org/pivot_130RC2_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/pivot_130RC2_xpl.html"
},
{
"name" : "18881",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18881"
"name": "ADV-2006-2744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2744"
},
{
"name" : "ADV-2006-2744",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2744"
"name": "pivot-insertimage-file-upload(27671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27671"
},
{
"name" : "27126",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27126"
"name": "20962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20962"
},
{
"name" : "20962",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20962"
"name": "18881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18881"
},
{
"name" : "1214",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1214"
"name": "1214",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1214"
},
{
"name" : "pivot-insertimage-file-upload(27671)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27671"
"name": "27126",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27126"
}
]
}

86
2006/3xxx/CVE-2006-3657.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3657",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3657",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property."
"lang": "eng",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html",
"refsource" : "MISC",
"url" : "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html"
"name": "27109",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27109"
},
{
"name" : "19029",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19029"
"name": "ie-dximagetransform-dos(27762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762"
},
{
"name" : "ADV-2006-2832",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2832"
"name": "19029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19029"
},
{
"name" : "27109",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27109"
"name": "ADV-2006-2832",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2832"
},
{
"name" : "ie-dximagetransform-dos(27762)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762"
"name": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html"
}
]
}

104
2006/3xxx/CVE-2006-3947.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3947",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3947",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060729 mambatstaff Mambo Component <= Remote Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441538/100/0/threaded"
"name": "21292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21292"
},
{
"name" : "2086",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2086"
"name": "27653",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27653"
},
{
"name" : "19222",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19222"
"name": "1313",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1313"
},
{
"name" : "ADV-2006-3055",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3055"
"name": "ADV-2006-3055",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3055"
},
{
"name" : "27653",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27653"
"name": "2086",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2086"
},
{
"name" : "21292",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21292"
"name": "19222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19222"
},
{
"name" : "1313",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1313"
"name": "mambatstaff-mambatstaff-file-include(28074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28074"
},
{
"name" : "mambatstaff-mambatstaff-file-include(28074)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28074"
"name": "20060729 mambatstaff Mambo Component <= Remote Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441538/100/0/threaded"
}
]
}

104
2006/6xxx/CVE-2006-6336.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6336",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6336",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters."
"lang": "eng",
"value": "Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070105 ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/456077/100/0/threaded"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-001.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-001.html"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-001.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-001.html"
"name": "20070105 ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456077/100/0/threaded"
},
{
"name" : "21897",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21897"
"name": "21897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21897"
},
{
"name" : "ADV-2007-0066",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0066"
"name": "eudora-mail-management-bo(31325)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31325"
},
{
"name" : "32587",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32587"
"name": "32587",
"refsource": "OSVDB",
"url": "http://osvdb.org/32587"
},
{
"name" : "1017474",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017474"
"name": "ADV-2007-0066",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0066"
},
{
"name" : "23622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23622"
"name": "23622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23622"
},
{
"name" : "eudora-mail-management-bo(31325)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31325"
"name": "1017474",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017474"
}
]
}

22
2006/6xxx/CVE-2006-6412.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6412",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6412",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

92
2006/6xxx/CVE-2006-6682.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6682",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6682",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system."
"lang": "eng",
"value": "Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061113 Chetcpasswd 2.x: multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=116371297325564&w=2"
"name": "30545",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30545"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"
"name": "chetcpasswd-error-message-enumeration(30454)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454"
},
{
"name" : "21102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21102"
"name": "22967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22967"
},
{
"name" : "30545",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30545"
"name": "21102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21102"
},
{
"name" : "22967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22967"
"name": "20061113 Chetcpasswd 2.x: multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2"
},
{
"name" : "chetcpasswd-error-message-enumeration(30454)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454"
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"
}
]
}

80
2006/6xxx/CVE-2006-6775.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6775",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6775",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command."
"lang": "eng",
"value": "acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "2985",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2985"
"name": "2985",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2985"
},
{
"name" : "21767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21767"
"name": "ADV-2006-5149",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5149"
},
{
"name" : "ADV-2006-5149",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5149"
"name": "21767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21767"
},
{
"name" : "23481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23481"
"name": "23481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23481"
}
]
}

92
2006/7xxx/CVE-2006-7191.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7191",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7191",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program."
"lang": "eng",
"value": "Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl",
"refsource" : "CONFIRM",
"url" : "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl"
"name": "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33",
"refsource": "CONFIRM",
"url": "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33"
},
{
"name" : "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33",
"refsource" : "CONFIRM",
"url" : "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33"
"name": "DSA-1287",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2007/dsa-1287"
},
{
"name" : "http://lam.sourceforge.net/changelog/index.htm",
"refsource" : "CONFIRM",
"url" : "http://lam.sourceforge.net/changelog/index.htm"
"name": "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl",
"refsource": "CONFIRM",
"url": "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl"
},
{
"name" : "DSA-1287",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2007/dsa-1287"
"name": "23857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23857"
},
{
"name" : "23857",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23857"
"name": "25157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25157"
},
{
"name" : "25157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25157"
"name": "http://lam.sourceforge.net/changelog/index.htm",
"refsource": "CONFIRM",
"url": "http://lam.sourceforge.net/changelog/index.htm"
}
]
}

80
2006/7xxx/CVE-2006-7208.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7208",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7208",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070622 All Of the Mambo & Joomla Script Remote File Inclussion Bugs..",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/472005/100/0/threaded"
"name": "45364",
"refsource": "OSVDB",
"url": "http://osvdb.org/45364"
},
{
"name" : "1995",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1995"
"name": "2836",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2836"
},
{
"name" : "45364",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/45364"
"name": "20070622 All Of the Mambo & Joomla Script Remote File Inclussion Bugs..",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472005/100/0/threaded"
},
{
"name" : "2836",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2836"
"name": "1995",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1995"
}
]
}

230
2011/0xxx/CVE-2011-0465.json
View File

@ -1,201 +1,201 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0465",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0465",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message."
"lang": "eng",
"value": "xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname",
"refsource" : "MLIST",
"url" : "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html"
"name": "[xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html"
},
{
"name" : "[xorg-announce] 20110405 xrdb 1.0.9",
"refsource" : "MLIST",
"url" : "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html"
"name": "RHSA-2011:0433",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0433.html"
},
{
"name" : "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56"
"name": "ADV-2011-0966",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0966"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680196",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680196"
"name": "44040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44040"
},
{
"name" : "DSA-2213",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2213"
"name": "DSA-2213",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2213"
},
{
"name" : "FEDORA-2011-4871",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html"
"name": "44082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44082"
},
{
"name" : "MDVSA-2011:076",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:076"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=680196",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680196"
},
{
"name" : "RHSA-2011:0432",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0432.html"
"name": "1025317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025317"
},
{
"name" : "RHSA-2011:0433",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0433.html"
"name": "47189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47189"
},
{
"name" : "SSA:2011-096-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748"
"name": "FEDORA-2011-4871",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html"
},
{
"name" : "SUSE-SA:2011:016",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html"
"name": "44123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44123"
},
{
"name" : "openSUSE-SU-2011:0298",
"refsource" : "SUSE",
"url" : "https://lwn.net/Articles/437150/"
"name": "ADV-2011-0880",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0880"
},
{
"name" : "USN-1107-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1107-1"
"name": "ADV-2011-0906",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0906"
},
{
"name" : "47189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47189"
"name": "44012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44012"
},
{
"name" : "1025317",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025317"
"name": "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56"
},
{
"name" : "44040",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44040"
"name": "44010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44010"
},
{
"name" : "44010",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44010"
"name": "xorg11-xrdb-command-execution(66585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66585"
},
{
"name" : "44012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44012"
"name": "USN-1107-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1107-1"
},
{
"name" : "44082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44082"
"name": "SSA:2011-096-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748"
},
{
"name" : "44122",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44122"
"name": "ADV-2011-0889",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0889"
},
{
"name" : "44123",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44123"
"name": "ADV-2011-0929",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0929"
},
{
"name" : "44193",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44193"
"name": "44122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44122"
},
{
"name" : "ADV-2011-0880",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0880"
"name": "[xorg-announce] 20110405 xrdb 1.0.9",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html"
},
{
"name" : "ADV-2011-0889",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0889"
"name": "MDVSA-2011:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:076"
},
{
"name" : "ADV-2011-0906",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0906"
"name": "RHSA-2011:0432",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0432.html"
},
{
"name" : "ADV-2011-0929",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0929"
"name": "ADV-2011-0975",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0975"
},
{
"name" : "ADV-2011-0966",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0966"
"name": "44193",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44193"
},
{
"name" : "ADV-2011-0975",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0975"
"name": "SUSE-SA:2011:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html"
},
{
"name" : "xorg11-xrdb-command-execution(66585)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66585"
"name": "openSUSE-SU-2011:0298",
"refsource": "SUSE",
"url": "https://lwn.net/Articles/437150/"
}
]
}

74
2011/0xxx/CVE-2011-0510.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0510",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0510",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action."
"lang": "eng",
"value": "SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "16003",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16003"
"name": "awbs-cart-sql-injection(64726)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64726"
},
{
"name" : "42944",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42944"
"name": "16003",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16003"
},
{
"name" : "awbs-cart-sql-injection(64726)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64726"
"name": "42944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42944"
}
]
}

98
2011/0xxx/CVE-2011-0895.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0895",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-0895",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and 8.1x allows remote authenticated users to obtain sensitive information via unknown vectors."
"lang": "eng",
"value": "Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and 8.1x allows remote authenticated users to obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBMA02652",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130201751130787&w=2"
"name": "44032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44032"
},
{
"name" : "SSRT100432",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130201751130787&w=2"
"name": "47162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47162"
},
{
"name" : "47162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47162"
"name": "8186",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8186"
},
{
"name" : "1025288",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025288"
"name": "HPSBMA02652",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130201751130787&w=2"
},
{
"name" : "44032",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44032"
"name": "SSRT100432",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130201751130787&w=2"
},
{
"name" : "8186",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8186"
"name": "1025288",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025288"
},
{
"name" : "ADV-2011-0871",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0871"
"name": "ADV-2011-0871",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0871"
}
]
}

116
2011/0xxx/CVE-2011-0989.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0989",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0989",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
"lang": "eng",
"value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource" : "MLIST",
"url" : "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name" : "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/06/14"
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name" : "http://www.mono-project.com/Vulnerabilities",
"refsource" : "CONFIRM",
"url" : "http://www.mono-project.com/Vulnerabilities"
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=667077"
"name": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
},
{
"name" : "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e",
"refsource" : "CONFIRM",
"url" : "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name" : "47208",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47208"
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name" : "44002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44002"
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name" : "44076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44076"
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name" : "ADV-2011-0904",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0904"
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name" : "momo-runtime-security-bypass(66624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
"name": "momo-runtime-security-bypass(66624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
}
]
}

104
2011/1xxx/CVE-2011-1093.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1093",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1093",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet."
"lang": "eng",
"value": "The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20110308 CVE request: kernel: dccp: fix oops on Reset after close",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/08/4"
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d"
},
{
"name" : "[oss-security] 20110308 Re: CVE request: kernel: dccp: fix oops on Reset after close",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/08/19"
"name": "46793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46793"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d"
"name": "RHSA-2011:0833",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=682954",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=682954"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=682954",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=682954"
"name": "[oss-security] 20110308 CVE request: kernel: dccp: fix oops on Reset after close",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/4"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100145416",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100145416"
"name": "[oss-security] 20110308 Re: CVE request: kernel: dccp: fix oops on Reset after close",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/19"
},
{
"name" : "RHSA-2011:0833",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
"name": "http://downloads.avaya.com/css/P8/documents/100145416",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name" : "46793",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46793"
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
}
]
}

140
2011/1xxx/CVE-2011-1684.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1684",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1684",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file."
"lang": "eng",
"value": "Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20110412 CVE id request: vlc",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/11/17"
"name": "oval:org.mitre.oval:def:14741",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741"
},
{
"name" : "[oss-security] 20110413 Re: CVE id request: vlc",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/13/17"
"name": "ADV-2011-0954",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0954"
},
{
"name" : "[oss-security] 20110413 Re: CVE id request: vlc",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/13/14"
"name": "43890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43890"
},
{
"name" : "http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821"
"name": "[oss-security] 20110412 CVE id request: vlc",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/11/17"
},
{
"name" : "http://www.videolan.org/security/sa1103.html",
"refsource" : "CONFIRM",
"url" : "http://www.videolan.org/security/sa1103.html"
"name": "44022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44022"
},
{
"name" : "DSA-2218",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2218"
"name": "http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821"
},
{
"name" : "47293",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47293"
"name": "ADV-2011-0916",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0916"
},
{
"name" : "oval:org.mitre.oval:def:14741",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741"
"name": "DSA-2218",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2218"
},
{
"name" : "1025373",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025373"
"name": "[oss-security] 20110413 Re: CVE id request: vlc",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/13/17"
},
{
"name" : "43890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43890"
"name": "vlcmediaplayer-mp4readboxskcr-bo(66664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66664"
},
{
"name" : "44022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44022"
"name": "47293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47293"
},
{
"name" : "ADV-2011-0916",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0916"
"name": "1025373",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025373"
},
{
"name" : "ADV-2011-0954",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0954"
"name": "[oss-security] 20110413 Re: CVE id request: vlc",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/13/14"
},
{
"name" : "vlcmediaplayer-mp4readboxskcr-bo(66664)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66664"
"name": "http://www.videolan.org/security/sa1103.html",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa1103.html"
}
]
}

122
2011/3xxx/CVE-2011-3361.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3361",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3361",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[BackupPC-devel] 20110118 XSS's in Browse.pm",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/mailarchive/message.php?msg_id=26919997"
"name": "[BackupPC-devel] 20110118 XSS's in Browse.pm",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=26919997"
},
{
"name" : "[oss-security] 20110913 CVE Request: BackupPC 3.2.1 fixes cross site scripting",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/09/13/3"
"name": "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/ChangeLog?revision=1.60&view=markup",
"refsource": "CONFIRM",
"url": "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/ChangeLog?revision=1.60&view=markup"
},
{
"name" : "[oss-security] 20110914 Re: CVE Request: BackupPC 3.2.1 fixes cross site scripting",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/09/14/7"
"name": "https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html"
},
{
"name" : "https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html",
"refsource" : "MISC",
"url" : "https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html"
"name": "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24",
"refsource": "CONFIRM",
"url": "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24"
},
{
"name" : "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/ChangeLog?revision=1.60&view=markup",
"refsource" : "CONFIRM",
"url" : "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/ChangeLog?revision=1.60&view=markup"
"name": "backuppc-num-xss(71030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71030"
},
{
"name" : "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24",
"refsource" : "CONFIRM",
"url" : "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24"
"name": "44259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44259"
},
{
"name" : "USN-1249-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1249-1"
"name": "46621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46621"
},
{
"name" : "50406",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50406"
"name": "USN-1249-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1249-1"
},
{
"name" : "44259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44259"
"name": "[oss-security] 20110914 Re: CVE Request: BackupPC 3.2.1 fixes cross site scripting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/14/7"
},
{
"name" : "46621",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46621"
"name": "50406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50406"
},
{
"name" : "backuppc-num-xss(71030)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71030"
"name": "[oss-security] 20110913 CVE Request: BackupPC 3.2.1 fixes cross site scripting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/13/3"
}
]
}

62
2011/3xxx/CVE-2011-3692.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3692",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3692",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step."
"lang": "eng",
"value": "NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Vulnerability.html",
"refsource" : "MISC",
"url" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Vulnerability.html"
"name": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Vulnerability.html",
"refsource": "MISC",
"url": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Vulnerability.html"
}
]
}

110
2011/3xxx/CVE-2011-3969.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3969",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3969",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents."
"lang": "eng",
"value": "Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=110112",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=110112"
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name" : "http://support.apple.com/kb/HT5400",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5400"
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
"name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
"name": "oval:org.mitre.oval:def:14917",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14917"
},
{
"name" : "APPLE-SA-2012-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
"name": "http://code.google.com/p/chromium/issues/detail?id=110112",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=110112"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name" : "oval:org.mitre.oval:def:14917",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14917"
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}

68
2011/4xxx/CVE-2011-4265.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4265",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-4265",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "JVN#70502960",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN70502960/index.html"
"name": "JVN#70502960",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN70502960/index.html"
},
{
"name" : "JVNDB-2011-000103",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000103"
"name": "JVNDB-2011-000103",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000103"
}
]
}

62
2011/4xxx/CVE-2011-4710.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4710",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4710",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "18115",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18115"
"name": "18115",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18115"
}
]
}

68
2011/4xxx/CVE-2011-4738.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4738",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4738",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files."
"lang": "eng",
"value": "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html",
"refsource" : "MISC",
"url" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html"
"name": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html"
},
{
"name" : "plesk-httponly-info-disc(72321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72321"
"name": "plesk-httponly-info-disc(72321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72321"
}
]
}

68
2011/4xxx/CVE-2011-4739.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4739",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4739",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files."
"lang": "eng",
"value": "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html",
"refsource" : "MISC",
"url" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html"
"name": "plesk-password-form-sec-bypass(72320)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72320"
},
{
"name" : "plesk-password-form-sec-bypass(72320)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72320"
"name": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html"
}
]
}

22
2013/5xxx/CVE-2013-5437.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5437",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5437",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2013/5xxx/CVE-2013-5455.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5455",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5455",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command."
"lang": "eng",
"value": "IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657949",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657949"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21657949",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657949"
},
{
"name" : "smartcloud-provisioning-cve20135455-cli(88254)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88254"
"name": "smartcloud-provisioning-cve20135455-cli(88254)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88254"
}
]
}

22
2013/5xxx/CVE-2013-5617.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5617",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5617",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2014/2xxx/CVE-2014-2218.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2218",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2218",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2014/2xxx/CVE-2014-2257.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2257",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2257",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets."
"lang": "eng",
"value": "Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01"
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf"
},
{
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf"
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01"
}
]
}

74
2014/2xxx/CVE-2014-2291.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2291",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2291",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10617",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10617"
"name": "juniper-junos-cve20142291-xss(91770)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91770"
},
{
"name" : "57375",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57375"
"name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10617",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10617"
},
{
"name" : "juniper-junos-cve20142291-xss(91770)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91770"
"name": "57375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57375"
}
]
}

74
2014/2xxx/CVE-2014-2322.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2322",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2322",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable."
"lang": "eng",
"value": "lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20140310 Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/03/10/8"
"name": "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html"
},
{
"name" : "[oss-security] 20140312 Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/03/12/6"
"name": "[oss-security] 20140310 Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/10/8"
},
{
"name" : "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html"
"name": "[oss-security] 20140312 Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/12/6"
}
]
}

80
2014/2xxx/CVE-2014-2790.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2790",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2790",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2787, CVE-2014-2802, and CVE-2014-2806."
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2787, CVE-2014-2802, and CVE-2014-2806."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS14-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
"name": "MS14-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name" : "68375",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68375"
"name": "59775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59775"
},
{
"name" : "1030532",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030532"
"name": "1030532",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030532"
},
{
"name" : "59775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59775"
"name": "68375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68375"
}
]
}

68
2014/2xxx/CVE-2014-2885.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2885",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-2885",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c."
"lang": "eng",
"value": "Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20140417 Re: TrueCrypt audit report",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/04/17/7"
"name": "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf",
"refsource": "MISC",
"url": "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf"
},
{
"name" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf",
"refsource" : "MISC",
"url" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf"
"name": "[oss-security] 20140417 Re: TrueCrypt audit report",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/17/7"
}
]
}

80
2014/6xxx/CVE-2014-6024.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6024",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6024",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Flurry library before 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Flurry library before 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html",
"refsource" : "MISC",
"url" : "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html"
"name": "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html",
"refsource": "MISC",
"url": "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html"
},
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#208585",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/208585"
},
{
"name" : "VU#208585",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/208585"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

98
2014/6xxx/CVE-2014-6269.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6269",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6269",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read."
"lang": "eng",
"value": "Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[haproxy] 20140805 segfault in http_skip_chunk_crlf after 16G of data has passed through haproxy",
"refsource" : "MLIST",
"url" : "http://article.gmane.org/gmane.comp.web.haproxy/17726"
"name": "[haproxy] 20140805 segfault in http_skip_chunk_crlf after 16G of data has passed through haproxy",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.web.haproxy/17726"
},
{
"name" : "[haproxy] 20140902 [ANNOUNCE] haproxy-1.5.4",
"refsource" : "MLIST",
"url" : "http://article.gmane.org/gmane.comp.web.haproxy/18097"
"name": "61507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61507"
},
{
"name" : "[oss-security] 20140909 Re: CVE Request: haproxy read out of bounds",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/09/23"
"name": "59936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59936"
},
{
"name" : "http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c",
"refsource" : "CONFIRM",
"url" : "http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c"
"name": "http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c",
"refsource": "CONFIRM",
"url": "http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c"
},
{
"name" : "RHSA-2014:1292",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1292.html"
"name": "[haproxy] 20140902 [ANNOUNCE] haproxy-1.5.4",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.web.haproxy/18097"
},
{
"name" : "59936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59936"
"name": "[oss-security] 20140909 Re: CVE Request: haproxy read out of bounds",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/09/23"
},
{
"name" : "61507",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61507"
"name": "RHSA-2014:1292",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1292.html"
}
]
}

86
2014/6xxx/CVE-2014-6539.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6539",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6539",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6472."
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6472."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
"name": "61781",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61781"
},
{
"name" : "70450",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70450"
"name": "1031042",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031042"
},
{
"name" : "1031042",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031042"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "61725",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61725"
"name": "61725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61725"
},
{
"name" : "61781",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61781"
"name": "70450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70450"
}
]
}

74
2014/6xxx/CVE-2014-6790.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6790",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6790",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#599393",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/599393"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#599393",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/599393"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

62
2014/7xxx/CVE-2014-7867.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7867",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7867",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter."
"lang": "eng",
"value": "SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix",
"refsource" : "CONFIRM",
"url" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix"
"name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix",
"refsource": "CONFIRM",
"url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix"
}
]
}

80
2017/0xxx/CVE-2017-0014.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0014",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0014",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Windows Graphics Component",
"version" : {
"version_data" : [
"product_name": "Windows Graphics Component",
"version": {
"version_data": [
{
"version_value" : "The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607"
"version_value": "The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0108."
"lang": "eng",
"value": "The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0108."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/",
"refsource" : "MISC",
"url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/"
"name": "96013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96013"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014"
},
{
"name" : "96013",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96013"
"name": "1038002",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038002"
},
{
"name" : "1038002",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038002"
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/"
}
]
}

80
2017/0xxx/CVE-2017-0124.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0124",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0124",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Windows Uniscribe",
"version" : {
"version_data" : [
"product_name": "Windows Uniscribe",
"version": {
"version_data": [
{
"version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1"
"version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128."
"lang": "eng",
"value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "41655",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41655/"
"name": "96670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96670"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124"
"name": "1037992",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037992"
},
{
"name" : "96670",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96670"
"name": "41655",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41655/"
},
{
"name" : "1037992",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037992"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124"
}
]
}

76
2017/0xxx/CVE-2017-0174.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-0174",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-0174",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Windows",
"version" : {
"version_data" : [
"product_name": "Microsoft Windows",
"version": {
"version_data": [
{
"version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
"version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka \"Windows NetBIOS Denial of Service Vulnerability\"."
"lang": "eng",
"value": "Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka \"Windows NetBIOS Denial of Service Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Denial of Service"
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0174",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0174"
"name": "100038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100038"
},
{
"name" : "100038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100038"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0174",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0174"
},
{
"name" : "1039109",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039109"
"name": "1039109",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039109"
}
]
}

74
2017/0xxx/CVE-2017-0502.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0502",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0502",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027."
"lang": "eng",
"value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of privilege"
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01"
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name" : "96726",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96726"
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
"name": "96726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96726"
}
]
}

82
2017/0xxx/CVE-2017-0520.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0520",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0520",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "Kernel-3.10"
"version_value": "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750232. References: QC-CR#1082636."
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750232. References: QC-CR#1082636."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of privilege"
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01"
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd"
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name" : "96804",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96804"
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
"name": "96804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96804"
}
]
}

66
2017/1000xxx/CVE-2017-1000030.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.279652",
"ID" : "CVE-2017-1000030",
"REQUESTER" : "pkarolak@trustwave.com",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.279652",
"ID": "CVE-2017-1000030",
"REQUESTER": "pkarolak@trustwave.com",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "GlassFish Server Open Source Edition",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "3.0.1 (build 22)"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface."
"lang": "eng",
"value": "Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Java Key Store Password Disclosure"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037"
"name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037",
"refsource": "MISC",
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037"
}
]
}

66
2017/1000xxx/CVE-2017-1000403.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-11-17",
"ID" : "CVE-2017-1000403",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-11-17",
"ID": "CVE-2017-1000403",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Jenkins Speaks! Plugin",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "all versions"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Jenkins Speaks! Plugin"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts."
"lang": "eng",
"value": "Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Arbitrary Code Execution"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://jenkins.io/security/advisory/2017-10-11/",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2017-10-11/"
"name": "https://jenkins.io/security/advisory/2017-10-11/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-10-11/"
}
]
}

86
2017/18xxx/CVE-2017-18206.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18206",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18206",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In utils.c in zsh before 5.4, symlink expansion had a buffer overflow."
"lang": "eng",
"value": "In utils.c in zsh before 5.4, symlink expansion had a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d"
"name": "USN-3593-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name" : "GLSA-201805-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201805-10"
"name": "GLSA-201805-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name" : "RHSA-2018:1932",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1932"
"name": "RHSA-2018:1932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"name" : "RHSA-2018:3073",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3073"
"name": "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d",
"refsource": "MISC",
"url": "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d"
},
{
"name" : "USN-3593-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3593-1/"
"name": "RHSA-2018:3073",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
}
]
}

106
2017/1xxx/CVE-2017-1772.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-03-30T00:00:00",
"ID" : "CVE-2017-1772",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-30T00:00:00",
"ID": "CVE-2017-1772",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "MobileFirst Platform Foundation",
"version" : {
"version_data" : [
"product_name": "MobileFirst Platform Foundation",
"version": {
"version_data": [
{
"version_value" : "6.3"
"version_value": "6.3"
},
{
"version_value" : "7.0"
"version_value": "7.0"
},
{
"version_value" : "7.1"
"version_value": "7.1"
},
{
"version_value" : "8.0"
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786."
"lang": "eng",
"value": "IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"SCORE": "6.100",
"UI": "R"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136786",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136786"
"name": "103735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103735"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000369",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000369"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136786",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136786"
},
{
"name" : "103735",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103735"
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000369",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000369"
}
]
}

22
2017/1xxx/CVE-2017-1775.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1775",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1775",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

78
2017/1xxx/CVE-2017-1785.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-02-02T00:00:00",
"ID" : "CVE-2017-1785",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-02T00:00:00",
"ID": "CVE-2017-1785",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "API Connect",
"version" : {
"version_data" : [
"product_name": "API Connect",
"version": {
"version_data": [
{
"version_value" : "5.0.7.0"
"version_value": "5.0.7.0"
},
{
"version_value" : "5.0.7.1"
"version_value": "5.0.7.1"
},
{
"version_value" : "5.0.7.2"
"version_value": "5.0.7.2"
},
{
"version_value" : "5.0.8.0"
"version_value": "5.0.8.0"
},
{
"version_value" : "5.0.8.1"
"version_value": "5.0.8.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859."
"lang": "eng",
"value": "IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136859",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136859"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136859",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136859"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22013061",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22013061"
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013061",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013061"
}
]
}

22
2017/4xxx/CVE-2017-4128.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4128",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4128",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}

98
2017/5xxx/CVE-2017-5940.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5940",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5940",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180."
"lang": "eng",
"value": "Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.openwall.com/lists/oss-security/2017/01/31/16",
"refsource" : "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/31/16"
"name": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863",
"refsource": "MISC",
"url": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863"
},
{
"name" : "https://firejail.wordpress.com/download-2/release-notes/",
"refsource" : "MISC",
"url" : "https://firejail.wordpress.com/download-2/release-notes/"
"name": "GLSA-201702-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-03"
},
{
"name" : "https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f",
"refsource" : "MISC",
"url" : "https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f"
"name": "https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f",
"refsource": "MISC",
"url": "https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f"
},
{
"name" : "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef",
"refsource" : "MISC",
"url" : "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef"
"name": "https://firejail.wordpress.com/download-2/release-notes/",
"refsource": "MISC",
"url": "https://firejail.wordpress.com/download-2/release-notes/"
},
{
"name" : "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863",
"refsource" : "MISC",
"url" : "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863"
"name": "http://www.openwall.com/lists/oss-security/2017/01/31/16",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/16"
},
{
"name" : "GLSA-201702-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-03"
"name": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef",
"refsource": "MISC",
"url": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef"
},
{
"name" : "96221",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96221"
"name": "96221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96221"
}
]
}