admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:09:57 +00:00
parent 4c9c6719e0
commit 3ec7bb6ed8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4501 additions and 4501 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
2001/0xxx/CVE-2001-0406.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010417 Samba 2.0.8 security fix",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0305.html"
},
{
"name" : "DSA-048",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2001/dsa-048"
},
{
"name" : "CSSA-2001-015.0",
"refsource" : "CALDERA",
"url" : "http://www.caldera.com/support/security/advisories/CSSA-2001-015.0.txt"
},
{
"name" : "20010418 TSLSA-#2001-0005 - samba",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0319.html"
},
{
"name" : "20010418 PROGENY-SA-2001-05: Samba /tmp vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0326.html"
},
{
"name" : "CLA-2001:395",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000395"
},
{
"name" : "FreeBSD-SA-01:36",
"refsource" : "FREEBSD",
"url" : "http://archives.neohapsis.com/archives/freebsd/2001-04/0608.html"
},
{
"name" : "MDKSA-2001:040",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-040.php3"
},
{
"name" : "VU#670568",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/670568"
},
{
"name" : "2617",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2617"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010418 TSLSA-#2001-0005 - samba",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0319.html"
},
{
"name": "20010418 PROGENY-SA-2001-05: Samba /tmp vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0326.html"
},
{
"name": "CLA-2001:395",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000395"
},
{
"name": "CSSA-2001-015.0",
"refsource": "CALDERA",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-015.0.txt"
},
{
"name": "20010417 Samba 2.0.8 security fix",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0305.html"
},
{
"name": "VU#670568",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/670568"
},
{
"name": "2617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2617"
},
{
"name": "MDKSA-2001:040",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-040.php3"
},
{
"name": "DSA-048",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-048"
},
{
"name": "FreeBSD-SA-01:36",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2001-04/0608.html"
}
]
}
}

140
2001/0xxx/CVE-2001-0470.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010313 Solaris 5.8 snmpd Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0160.html"
},
{
"name" : "20010315 Re: Solaris 5.8 snmpd Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0181.html"
},
{
"name" : "snmpd-argv-bo(6239)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6239"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010315 Re: Solaris 5.8 snmpd Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0181.html"
},
{
"name": "snmpd-argv-bo(6239)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6239"
},
{
"name": "20010313 Solaris 5.8 snmpd Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0160.html"
}
]
}
}

140
2001/0xxx/CVE-2001-0909.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20011121 Buffer overflow in Windows XP \"helpctr.exe\"",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=100638955422011&w=2"
},
{
"name" : "winxp-helpctr-bo(7605)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7605"
},
{
"name" : "6802",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6802"
},
{
"name": "winxp-helpctr-bo(7605)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7605"
},
{
"name": "20011121 Buffer overflow in Windows XP \"helpctr.exe\"",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=100638955422011&w=2"
}
]
}
}

150
2001/1xxx/CVE-2001-1017.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-01:59",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc"
},
{
"name" : "rmuser-insecure-password-file(7086)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7086"
},
{
"name" : "3282",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3282"
},
{
"name" : "1947",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/1947"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3282"
},
{
"name": "rmuser-insecure-password-file(7086)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7086"
},
{
"name": "FreeBSD-SA-01:59",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc"
},
{
"name": "1947",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1947"
}
]
}
}

140
2001/1xxx/CVE-2001-1068.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010825 qpopper and pam.d",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-08/0363.html"
},
{
"name" : "qpopper-pam-auth-error(7047)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7047"
},
{
"name" : "3242",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3242"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3242"
},
{
"name": "qpopper-pam-auth-error(7047)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7047"
},
{
"name": "20010825 qpopper and pam.d",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0363.html"
}
]
}
}

170
2006/2xxx/CVE-2006-2012.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060423 Format string bug in Skulltag 0.96f",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431872/100/0/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/skulltagfs-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/skulltagfs-adv.txt"
},
{
"name" : "17659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17659"
},
{
"name" : "ADV-2006-1479",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1479"
},
{
"name" : "19767",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19767"
},
{
"name" : "skulltag-version-format-string(25988)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25988"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19767"
},
{
"name": "20060423 Format string bug in Skulltag 0.96f",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431872/100/0/threaded"
},
{
"name": "skulltag-version-format-string(25988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25988"
},
{
"name": "ADV-2006-1479",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1479"
},
{
"name": "17659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17659"
},
{
"name": "http://aluigi.altervista.org/adv/skulltagfs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/skulltagfs-adv.txt"
}
]
}
}

140
2006/2xxx/CVE-2006-2532.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2532",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060521 Destiney Rated Images Script v0.5.0 - XSS Vulnv",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434691/100/0/threaded"
},
{
"name" : "940",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/940"
},
{
"name" : "destineyris-stats-sql-injection(26603)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26603"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060521 Destiney Rated Images Script v0.5.0 - XSS Vulnv",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434691/100/0/threaded"
},
{
"name": "destineyris-stats-sql-injection(26603)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26603"
},
{
"name": "940",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/940"
}
]
}
}

170
2006/2xxx/CVE-2006-2761.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html"
},
{
"name" : "18181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18181"
},
{
"name" : "ADV-2006-2063",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2063"
},
{
"name" : "1016190",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016190"
},
{
"name" : "20347",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20347"
},
{
"name" : "hitachi-hitsenser3-sql-injection(26749)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26749"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2063",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2063"
},
{
"name": "1016190",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016190"
},
{
"name": "18181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18181"
},
{
"name": "hitachi-hitsenser3-sql-injection(26749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26749"
},
{
"name": "20347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20347"
},
{
"name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html"
}
]
}
}

260
2006/2xxx/CVE-2006-2802.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2802",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1852",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1852"
},
{
"name" : "DSA-1105",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1105"
},
{
"name" : "GLSA-200609-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-08.xml"
},
{
"name" : "MDKSA-2006:108",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108"
},
{
"name" : "SUSE-SR:2006:014",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
},
{
"name" : "USN-295-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/295-1/"
},
{
"name" : "18187",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18187"
},
{
"name" : "25936",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25936"
},
{
"name" : "20369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20369"
},
{
"name" : "20549",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20549"
},
{
"name" : "20766",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20766"
},
{
"name" : "20828",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20828"
},
{
"name" : "20942",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20942"
},
{
"name" : "21919",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21919"
},
{
"name" : "xinelib-xinepluginphttp-bo(26972)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1105",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1105"
},
{
"name": "25936",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25936"
},
{
"name": "20369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20369"
},
{
"name": "20942",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20942"
},
{
"name": "20766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20766"
},
{
"name": "GLSA-200609-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-08.xml"
},
{
"name": "18187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18187"
},
{
"name": "20549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20549"
},
{
"name": "xinelib-xinepluginphttp-bo(26972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26972"
},
{
"name": "SUSE-SR:2006:014",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
},
{
"name": "USN-295-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/295-1/"
},
{
"name": "20828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20828"
},
{
"name": "1852",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1852"
},
{
"name": "MDKSA-2006:108",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:108"
},
{
"name": "21919",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21919"
}
]
}
}

180
2006/2xxx/CVE-2006-2831.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2831",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060602 [DRUPAL-SA-2006-007] Drupal 4.6.8 / 4.7.2 fixes arbitrary file execution issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435792/100/0/threaded"
},
{
"name" : "http://drupal.org/node/66763",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/66763"
},
{
"name" : "http://drupal.org/files/sa-2006-007/advisory.txt",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/files/sa-2006-007/advisory.txt"
},
{
"name" : "DSA-1125",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1125"
},
{
"name" : "18245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18245"
},
{
"name" : "21244",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21244"
},
{
"name" : "1042",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1042"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18245"
},
{
"name": "20060602 [DRUPAL-SA-2006-007] Drupal 4.6.8 / 4.7.2 fixes arbitrary file execution issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435792/100/0/threaded"
},
{
"name": "DSA-1125",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1125"
},
{
"name": "21244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21244"
},
{
"name": "http://drupal.org/node/66763",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/66763"
},
{
"name": "1042",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1042"
},
{
"name": "http://drupal.org/files/sa-2006-007/advisory.txt",
"refsource": "CONFIRM",
"url": "http://drupal.org/files/sa-2006-007/advisory.txt"
}
]
}
}

150
2006/2xxx/CVE-2006-2905.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060606 Partial Links v1.2.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436112/100/0/threaded"
},
{
"name" : "ADV-2006-2169",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2169"
},
{
"name" : "20491",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20491"
},
{
"name" : "particlelinks-multiple-path-disclosure(26956)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26956"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "particlelinks-multiple-path-disclosure(26956)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26956"
},
{
"name": "20491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20491"
},
{
"name": "20060606 Partial Links v1.2.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436112/100/0/threaded"
},
{
"name": "ADV-2006-2169",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2169"
}
]
}
}

710
2006/6xxx/CVE-2006-6077.json
View File

@ -1,357 +1,357 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452382/100/0/threaded"
},
{
"name" : "20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452431/100/0/threaded"
},
{
"name" : "20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452440/100/0/threaded"
},
{
"name" : "20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452463/100/0/threaded"
},
{
"name" : "20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454982/100/0/threaded"
},
{
"name" : "20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455073/100/0/threaded"
},
{
"name" : "20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455148/100/0/threaded"
},
{
"name" : "20070226 rPSA-2007-0040-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"name" : "20070303 rPSA-2007-0040-3 firefox thunderbird",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"name" : "http://www.info-svc.com/news/11-21-2006/",
"refsource" : "MISC",
"url" : "http://www.info-svc.com/news/11-21-2006/"
},
{
"name" : "http://www.info-svc.com/news/11-21-2006/rcsr1/",
"refsource" : "MISC",
"url" : "http://www.info-svc.com/news/11-21-2006/rcsr1/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=360493",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"
},
{
"name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1081",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1081"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1103",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1103"
},
{
"name" : "DSA-1336",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1336"
},
{
"name" : "FEDORA-2007-281",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/cms/node/2713"
},
{
"name" : "FEDORA-2007-293",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/cms/node/2728"
},
{
"name" : "GLSA-200703-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200703-04.xml"
},
{
"name" : "GLSA-200703-08",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name" : "MDKSA-2007:050",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"name" : "RHSA-2007:0079",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
},
{
"name" : "RHSA-2007:0077",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"name" : "RHSA-2007:0078",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"name" : "RHSA-2007:0097",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"name" : "RHSA-2007:0108",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"name" : "20070301-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"name" : "20070202-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"name" : "SSA:2007-066-05",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"
},
{
"name" : "SUSE-SA:2007:019",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"name" : "SUSE-SA:2007:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"name" : "USN-428-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-428-1"
},
{
"name" : "21240",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21240"
},
{
"name" : "22694",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22694"
},
{
"name" : "oval:org.mitre.oval:def:10031",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"
},
{
"name" : "ADV-2006-4662",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4662"
},
{
"name" : "ADV-2007-0718",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0718"
},
{
"name" : "1017271",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017271"
},
{
"name" : "23046",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23046"
},
{
"name" : "23108",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23108"
},
{
"name" : "24238",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24238"
},
{
"name" : "24287",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24287"
},
{
"name" : "24290",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24290"
},
{
"name" : "24205",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24205"
},
{
"name" : "24328",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24328"
},
{
"name" : "24333",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24333"
},
{
"name" : "24343",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24343"
},
{
"name" : "24320",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24320"
},
{
"name" : "24293",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24293"
},
{
"name" : "24393",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24393"
},
{
"name" : "24395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24395"
},
{
"name" : "24384",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24384"
},
{
"name" : "24437",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24437"
},
{
"name" : "24650",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24650"
},
{
"name" : "24457",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24457"
},
{
"name" : "24342",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24342"
},
{
"name" : "25588",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25588"
},
{
"name" : "firefox-passwordmgr-information-disclosure(30470)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2007:0078",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"name": "http://www.info-svc.com/news/11-21-2006/rcsr1/",
"refsource": "MISC",
"url": "http://www.info-svc.com/news/11-21-2006/rcsr1/"
},
{
"name": "oval:org.mitre.oval:def:10031",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"
},
{
"name": "24395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24395"
},
{
"name": "20070226 rPSA-2007-0040-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"name": "24328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24328"
},
{
"name": "RHSA-2007:0108",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"name": "GLSA-200703-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
},
{
"name": "20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded"
},
{
"name": "GLSA-200703-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
},
{
"name": "23046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23046"
},
{
"name": "24384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24384"
},
{
"name": "20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded"
},
{
"name": "20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded"
},
{
"name": "24457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24457"
},
{
"name": "firefox-passwordmgr-information-disclosure(30470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"
},
{
"name": "24343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24343"
},
{
"name": "DSA-1336",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "1017271",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017271"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
},
{
"name": "ADV-2007-0718",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"name": "20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded"
},
{
"name": "24650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24650"
},
{
"name": "USN-428-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"name": "24320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24320"
},
{
"name": "25588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25588"
},
{
"name": "https://issues.rpath.com/browse/RPL-1103",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"name": "SUSE-SA:2007:019",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"name": "20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded"
},
{
"name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"name": "SUSE-SA:2007:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"name": "24293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24293"
},
{
"name": "24238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24238"
},
{
"name": "24393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24393"
},
{
"name": "24342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24342"
},
{
"name": "24287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24287"
},
{
"name": "20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded"
},
{
"name": "20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded"
},
{
"name": "23108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23108"
},
{
"name": "21240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21240"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"
},
{
"name": "22694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22694"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "FEDORA-2007-281",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2713"
},
{
"name": "RHSA-2007:0097",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"name": "FEDORA-2007-293",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2728"
},
{
"name": "20070301-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"name": "24205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24205"
},
{
"name": "https://issues.rpath.com/browse/RPL-1081",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1081"
},
{
"name": "24333",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24333"
},
{
"name": "ADV-2006-4662",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4662"
},
{
"name": "MDKSA-2007:050",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"name": "24290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24290"
},
{
"name": "RHSA-2007:0077",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"name": "20070202-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"name": "SSA:2007-066-05",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"
},
{
"name": "RHSA-2007:0079",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
},
{
"name": "http://www.info-svc.com/news/11-21-2006/",
"refsource": "MISC",
"url": "http://www.info-svc.com/news/11-21-2006/"
},
{
"name": "24437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24437"
}
]
}
}

150
2006/6xxx/CVE-2006-6180.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6180",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "21296",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21296"
},
{
"name" : "ADV-2006-4707",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4707"
},
{
"name" : "23123",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23123"
},
{
"name" : "inews-articles-xss(30510)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30510"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23123"
},
{
"name": "21296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21296"
},
{
"name": "ADV-2006-4707",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4707"
},
{
"name": "inews-articles-xss(30510)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30510"
}
]
}
}

140
2006/6xxx/CVE-2006-6906.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to \"Mach Exception Handling\", a different issue than CVE-2006-6900."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource" : "MISC",
"url" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name" : "36836",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36836"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to \"Mach Exception Handling\", a different issue than CVE-2006-6900."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "36836",
"refsource": "OSVDB",
"url": "http://osvdb.org/36836"
}
]
}
}

150
2006/7xxx/CVE-2006-7151.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061010 [Fedora] libtool-ltdl uses relative paths to resolve and load libraries",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448153/100/0/threaded"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209930",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209930"
},
{
"name" : "20434",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20434"
},
{
"name" : "2378",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2378"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2378",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2378"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209930",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209930"
},
{
"name": "20434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20434"
},
{
"name": "20061010 [Fedora] libtool-ltdl uses relative paths to resolve and load libraries",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448153/100/0/threaded"
}
]
}
}

120
2011/0xxx/CVE-2011-0791.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Data Export."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Data Export."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}

34
2011/0xxx/CVE-2011-0942.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0942",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0942",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2011/0xxx/CVE-2011-0975.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0975",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110203 ZDI-11-039: BMC PATROL Agent Service Daemon BGS_MULTIPLE_READS Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516188/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-039",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-039"
},
{
"name" : "46151",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46151"
},
{
"name" : "70788",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70788"
},
{
"name" : "43177",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43177"
},
{
"name" : "8076",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8076"
},
{
"name" : "ADV-2011-0286",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0286"
},
{
"name" : "bmc-patrolagent-bo(65135)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65135"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8076",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8076"
},
{
"name": "ADV-2011-0286",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0286"
},
{
"name": "70788",
"refsource": "OSVDB",
"url": "http://osvdb.org/70788"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-039",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-039"
},
{
"name": "bmc-patrolagent-bo(65135)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65135"
},
{
"name": "46151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46151"
},
{
"name": "43177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43177"
},
{
"name": "20110203 ZDI-11-039: BMC PATROL Agent Service Daemon BGS_MULTIPLE_READS Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516188/100/0/threaded"
}
]
}
}

180
2011/2xxx/CVE-2011-2146.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
},
{
"name" : "openSUSE-SU-2011:0617",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/8711677"
},
{
"name" : "48098",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48098"
},
{
"name" : "1025601",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025601"
},
{
"name" : "44840",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44840"
},
{
"name" : "44904",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44904"
},
{
"name" : "vmware-mountvmhgfs-info-disc(67813)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67813"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44904"
},
{
"name": "vmware-mountvmhgfs-info-disc(67813)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67813"
},
{
"name": "48098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48098"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
},
{
"name": "44840",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44840"
},
{
"name": "1025601",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025601"
},
{
"name": "openSUSE-SU-2011:0617",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/8711677"
}
]
}
}

34
2011/2xxx/CVE-2011-2418.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2418",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-2418",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

130
2011/2xxx/CVE-2011-2586.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-2586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24436",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24436"
},
{
"name" : "1027005",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027005"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24436",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24436"
},
{
"name": "1027005",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027005"
}
]
}
}

180
2011/2xxx/CVE-2011-2893.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value reference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements"
},
{
"name" : "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21505448",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21505448"
},
{
"name" : "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm",
"refsource" : "CONFIRM",
"url" : "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm"
},
{
"name" : "48936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48936"
},
{
"name" : "74166",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/74166"
},
{
"name" : "ibmlotussymphony-datapilot-dos(68748)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48936"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21505448",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21505448"
},
{
"name": "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements"
},
{
"name": "ibmlotussymphony-datapilot-dos(68748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68748"
},
{
"name": "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm",
"refsource": "CONFIRM",
"url": "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm"
},
{
"name": "74166",
"refsource": "OSVDB",
"url": "http://osvdb.org/74166"
},
{
"name": "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm"
}
]
}
}

160
2011/2xxx/CVE-2011-2918.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2918",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110816 Re: CVE request -- kernel: perf: fix software event overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/08/16/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8b0ca17b80e92faab46ee7179ba9e99ccb61233",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8b0ca17b80e92faab46ee7179ba9e99ccb61233"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=730706",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=730706"
},
{
"name" : "https://github.com/torvalds/linux/commit/a8b0ca17b80e92faab46ee7179ba9e99ccb61233",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/a8b0ca17b80e92faab46ee7179ba9e99ccb61233"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8b0ca17b80e92faab46ee7179ba9e99ccb61233",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8b0ca17b80e92faab46ee7179ba9e99ccb61233"
},
{
"name": "https://github.com/torvalds/linux/commit/a8b0ca17b80e92faab46ee7179ba9e99ccb61233",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/a8b0ca17b80e92faab46ee7179ba9e99ccb61233"
},
{
"name": "[oss-security] 20110816 Re: CVE request -- kernel: perf: fix software event overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/08/16/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=730706",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730706"
}
]
}
}

140
2011/2xxx/CVE-2011-2948.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2948",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-268/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-268/"
},
{
"name" : "http://service.real.com/realplayer/security/08162011_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/08162011_player/en/"
},
{
"name" : "1025943",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025943"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-268/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-268/"
},
{
"name": "1025943",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025943"
},
{
"name": "http://service.real.com/realplayer/security/08162011_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/08162011_player/en/"
}
]
}
}

170
2011/2xxx/CVE-2011-2976.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.bugzilla.org/security/3.4.11/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/3.4.11/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660053",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660053"
},
{
"name" : "49042",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49042"
},
{
"name" : "74303",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/74303"
},
{
"name" : "45501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45501"
},
{
"name" : "bugzilla-buglist-xss(69038)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bugzilla-buglist-xss(69038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69038"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053"
},
{
"name": "45501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45501"
},
{
"name": "http://www.bugzilla.org/security/3.4.11/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.4.11/"
},
{
"name": "74303",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/74303"
},
{
"name": "49042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49042"
}
]
}
}

150
2011/3xxx/CVE-2011-3171.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SUSE-SU-2011:1028",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html"
},
{
"name" : "SUSE-SU-2011:1029",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html"
},
{
"name" : "49541",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49541"
},
{
"name" : "pureftpd-oes-directory-traversal(69686)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49541"
},
{
"name": "SUSE-SU-2011:1028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html"
},
{
"name": "pureftpd-oes-directory-traversal(69686)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686"
},
{
"name": "SUSE-SU-2011:1029",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html"
}
]
}
}

200
2011/3xxx/CVE-2011-3268.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.php.net/ChangeLog-5.php#5.3.7",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php#5.3.7"
},
{
"name" : "http://www.php.net/archive/2011.php#id2011-08-18-1",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/archive/2011.php#id2011-08-18-1"
},
{
"name" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c?r1=311300&r2=311390&pathrev=315218",
"refsource" : "CONFIRM",
"url" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c?r1=311300&r2=311390&pathrev=315218"
},
{
"name" : "http://support.apple.com/kb/HT5130",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5130"
},
{
"name" : "APPLE-SA-2012-02-01-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name" : "MDVSA-2011:165",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
},
{
"name" : "49241",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49241"
},
{
"name" : "74738",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/74738"
},
{
"name" : "php-crypt-bo(69427)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69427"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c?r1=311300&r2=311390&pathrev=315218",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/php_crypt_r.c?r1=311300&r2=311390&pathrev=315218"
},
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "49241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49241"
},
{
"name": "MDVSA-2011:165",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.3.7",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.3.7"
},
{
"name": "php-crypt-bo(69427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69427"
},
{
"name": "http://www.php.net/archive/2011.php#id2011-08-18-1",
"refsource": "CONFIRM",
"url": "http://www.php.net/archive/2011.php#id2011-08-18-1"
},
{
"name": "74738",
"refsource": "OSVDB",
"url": "http://osvdb.org/74738"
}
]
}
}

140
2011/3xxx/CVE-2011-3499.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aluigi.altervista.org/adv/movicon_3-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/movicon_3-adv.txt"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-01.pdf"
},
{
"name" : "movicon-eidp-dos(69789)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69789"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/movicon_3-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/movicon_3-adv.txt"
},
{
"name": "movicon-eidp-dos(69789)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69789"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-01.pdf"
}
]
}
}

140
2011/3xxx/CVE-2011-3740.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/frontaccounting-2.3.1"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

120
2011/4xxx/CVE-2011-4276.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/android/issues/detail?id=21347",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/android/issues/detail?id=21347"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/android/issues/detail?id=21347",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/android/issues/detail?id=21347"
}
]
}
}

120
2013/1xxx/CVE-2013-1153.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130305 Cisco Prime Infrastructure CSRF Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1153"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130305 Cisco Prime Infrastructure CSRF Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1153"
}
]
}
}

120
2013/1xxx/CVE-2013-1208.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1208",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130528 Cisco Nexus 1000V VSM/VEM Communication Encryption Issues",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1208"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130528 Cisco Nexus 1000V VSM/VEM Communication Encryption Issues",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1208"
}
]
}
}

130
2013/1xxx/CVE-2013-1528.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle HRMS component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Payroll."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-1528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle HRMS component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Payroll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

380
2013/1xxx/CVE-2013-1669.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1669",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-1669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-41.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-41.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=791432",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=791432"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=803228",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=803228"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814552",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814552"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=819775",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=819775"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=821479",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=821479"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=821850",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=821850"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=822910",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=822910"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=826104",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=826104"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=826392",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=826392"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=826588",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=826588"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=834526",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=834526"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=837007",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=837007"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=837324",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=837324"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=843434",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=843434"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=854001",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=854001"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=855236",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=855236"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=865948",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=865948"
},
{
"name" : "openSUSE-SU-2013:0831",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html"
},
{
"name" : "openSUSE-SU-2013:0834",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html"
},
{
"name" : "openSUSE-SU-2013:0825",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html"
},
{
"name" : "openSUSE-SU-2013:0929",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html"
},
{
"name" : "openSUSE-SU-2013:0946",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html"
},
{
"name" : "USN-1822-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1822-1"
},
{
"name" : "USN-1823-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1823-1"
},
{
"name" : "59870",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/59870"
},
{
"name" : "oval:org.mitre.oval:def:16493",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16493"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=826392",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=826392"
},
{
"name": "openSUSE-SU-2013:0825",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=854001",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=854001"
},
{
"name": "59870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59870"
},
{
"name": "USN-1823-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1823-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=821850",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=821850"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=843434",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=843434"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=865948",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=865948"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=791432",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=791432"
},
{
"name": "openSUSE-SU-2013:0929",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-41.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-41.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=803228",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=803228"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=834526",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=834526"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=837324",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=837324"
},
{
"name": "openSUSE-SU-2013:0831",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=826588",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=826588"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=819775",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=819775"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=837007",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=837007"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=821479",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=821479"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=855236",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=855236"
},
{
"name": "openSUSE-SU-2013:0834",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html"
},
{
"name": "openSUSE-SU-2013:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=826104",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=826104"
},
{
"name": "USN-1822-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1822-1"
},
{
"name": "oval:org.mitre.oval:def:16493",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16493"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=822910",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=822910"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=814552",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814552"
}
]
}
}

220
2013/1xxx/CVE-2013-1773.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1773",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "23248",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/23248/"
},
{
"name" : "[oss-security] 20130226 Re: CVE request - Linux kernel: VFAT slab-based buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/02/26/8"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=916115",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=916115"
},
{
"name" : "https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
},
{
"name" : "RHSA-2013:0744",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"name" : "RHSA-2013:0928",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
},
{
"name" : "RHSA-2013:1026",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1026.html"
},
{
"name" : "58200",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/58200"
},
{
"name" : "88310",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/88310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=916115",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916115"
},
{
"name": "RHSA-2013:0928",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
},
{
"name": "[oss-security] 20130226 Re: CVE request - Linux kernel: VFAT slab-based buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/8"
},
{
"name": "https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
},
{
"name": "23248",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/23248/"
},
{
"name": "RHSA-2013:0744",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2"
},
{
"name": "58200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58200"
},
{
"name": "88310",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/88310"
},
{
"name": "RHSA-2013:1026",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html"
}
]
}
}

200
2013/1xxx/CVE-2013-1804.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (2) user_list or (3) user_types parameter to messages.php; (4) message parameter to infusions/shoutbox_panel/shoutbox_admin.php; (5) message parameter to administration/news.php; (6) panel_list parameter to administration/panel_editor.php; (7) HTTP User Agent string to administration/phpinfo.php; (8) \"__BBCODE__\" parameter to administration/bbcodes.php; errorMessage parameter to (9) article_cats.php, (10) download_cats.php, (11) news_cats.php, or (12) weblink_cats.php in administration/, when error is 3; or (13) body or (14) body2 parameter to administration/articles.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Feb/154"
},
{
"name" : "[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/03/03/2"
},
{
"name" : "[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/03/03/1"
},
{
"name" : "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html"
},
{
"name" : "http://www.waraxe.us/advisory-97.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-97.html"
},
{
"name" : "http://www.php-fusion.co.uk/news.php?readmore=569",
"refsource" : "CONFIRM",
"url" : "http://www.php-fusion.co.uk/news.php?readmore=569"
},
{
"name" : "90707",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/90707"
},
{
"name" : "90708",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/90708"
},
{
"name" : "52403",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/52403"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (2) user_list or (3) user_types parameter to messages.php; (4) message parameter to infusions/shoutbox_panel/shoutbox_admin.php; (5) message parameter to administration/news.php; (6) panel_list parameter to administration/panel_editor.php; (7) HTTP User Agent string to administration/phpinfo.php; (8) \"__BBCODE__\" parameter to administration/bbcodes.php; errorMessage parameter to (9) article_cats.php, (10) download_cats.php, (11) news_cats.php, or (12) weblink_cats.php in administration/, when error is 3; or (13) body or (14) body2 parameter to administration/articles.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-97.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-97.html"
},
{
"name": "[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/2"
},
{
"name": "[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/1"
},
{
"name": "90707",
"refsource": "OSVDB",
"url": "http://osvdb.org/90707"
},
{
"name": "90708",
"refsource": "OSVDB",
"url": "http://osvdb.org/90708"
},
{
"name": "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html"
},
{
"name": "http://www.php-fusion.co.uk/news.php?readmore=569",
"refsource": "CONFIRM",
"url": "http://www.php-fusion.co.uk/news.php?readmore=569"
},
{
"name": "20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Feb/154"
},
{
"name": "52403",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52403"
}
]
}
}

230
2013/1xxx/CVE-2013-1854.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1854",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[ruby-security-ann] 20130318 [CVE-2013-1854] Symbol DoS vulnerability in Active Record",
"refsource" : "MLIST",
"url" : "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain"
},
{
"name" : "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/",
"refsource" : "CONFIRM",
"url" : "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"
},
{
"name" : "http://support.apple.com/kb/HT5784",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5784"
},
{
"name" : "APPLE-SA-2013-06-04-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name" : "APPLE-SA-2013-10-22-5",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
},
{
"name" : "RHSA-2013:0699",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0699.html"
},
{
"name" : "RHSA-2014:1863",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
},
{
"name" : "openSUSE-SU-2013:0659",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html"
},
{
"name" : "openSUSE-SU-2013:0660",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html"
},
{
"name" : "openSUSE-SU-2013:0664",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html"
},
{
"name" : "openSUSE-SU-2013:0667",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html"
},
{
"name" : "openSUSE-SU-2013:0668",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0667",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html"
},
{
"name": "APPLE-SA-2013-10-22-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
},
{
"name": "openSUSE-SU-2013:0659",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html"
},
{
"name": "openSUSE-SU-2013:0660",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html"
},
{
"name": "http://support.apple.com/kb/HT5784",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "RHSA-2014:1863",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
},
{
"name": "openSUSE-SU-2013:0664",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html"
},
{
"name": "openSUSE-SU-2013:0668",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html"
},
{
"name": "[ruby-security-ann] 20130318 [CVE-2013-1854] Symbol DoS vulnerability in Active Record",
"refsource": "MLIST",
"url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain"
},
{
"name": "RHSA-2013:0699",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html"
},
{
"name": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"
}
]
}
}

180
2013/1xxx/CVE-2013-1959.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1959",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "25307",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/25307"
},
{
"name" : "[oss-security] 20130428 Multiple Linux setuid output redirection vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/04/29/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6708075f104c3c9b04b23336bb0366ca30c3931b",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6708075f104c3c9b04b23336bb0366ca30c3931b"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e3211c120a85b792978bcb4be7b2886df18d27f0",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e3211c120a85b792978bcb4be7b2886df18d27f0"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"
},
{
"name" : "https://github.com/torvalds/linux/commit/6708075f104c3c9b04b23336bb0366ca30c3931b",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/6708075f104c3c9b04b23336bb0366ca30c3931b"
},
{
"name" : "https://github.com/torvalds/linux/commit/e3211c120a85b792978bcb4be7b2886df18d27f0",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/e3211c120a85b792978bcb4be7b2886df18d27f0"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/e3211c120a85b792978bcb4be7b2886df18d27f0",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/e3211c120a85b792978bcb4be7b2886df18d27f0"
},
{
"name": "https://github.com/torvalds/linux/commit/6708075f104c3c9b04b23336bb0366ca30c3931b",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6708075f104c3c9b04b23336bb0366ca30c3931b"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6708075f104c3c9b04b23336bb0366ca30c3931b",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6708075f104c3c9b04b23336bb0366ca30c3931b"
},
{
"name": "[oss-security] 20130428 Multiple Linux setuid output redirection vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/29/1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"
},
{
"name": "25307",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/25307"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e3211c120a85b792978bcb4be7b2886df18d27f0",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e3211c120a85b792978bcb4be7b2886df18d27f0"
}
]
}
}

34
2013/5xxx/CVE-2013-5285.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5285",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5285",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2013/5xxx/CVE-2013-5655.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5655",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130929 YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/08/29/8"
},
{
"name" : "[oss-security] 20130930 Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/08/30/2"
},
{
"name" : "62074",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62074"
},
{
"name" : "96719",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/96719"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130929 YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/29/8"
},
{
"name": "96719",
"refsource": "OSVDB",
"url": "http://osvdb.org/96719"
},
{
"name": "62074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62074"
},
{
"name": "[oss-security] 20130930 Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/30/2"
}
]
}
}

120
2013/5xxx/CVE-2013-5664.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5664",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/20",
"refsource" : "CONFIRM",
"url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/20"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/20",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/20"
}
]
}
}

170
2014/2xxx/CVE-2014-2178.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2178",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141106 Cisco RV Series multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name" : "20141106 Cisco RV Series multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name" : "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name" : "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"name" : "1031171",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031171"
},
{
"name" : "cisco-cve20142178-csrf(98498)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142178-csrf(98498)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031171"
}
]
}
}

120
2014/2xxx/CVE-2014-2453.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to User Interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to User Interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}

130
2014/6xxx/CVE-2014-6030.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140917 Multiple SQL Injection Vulnerabilities in ClassApps SelectSurvey.net",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Sep/62"
},
{
"name" : "http://packetstormsecurity.com/files/128296/ClassApps-SelectSurvey.net-4.124.004-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128296/ClassApps-SelectSurvey.net-4.124.004-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140917 Multiple SQL Injection Vulnerabilities in ClassApps SelectSurvey.net",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/62"
},
{
"name": "http://packetstormsecurity.com/files/128296/ClassApps-SelectSurvey.net-4.124.004-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128296/ClassApps-SelectSurvey.net-4.124.004-SQL-Injection.html"
}
]
}
}

130
2017/0xxx/CVE-2017-0235.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0235",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0235"
},
{
"name" : "98230",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98230"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0235",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0235"
},
{
"name": "98230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98230"
}
]
}
}

140
2017/0xxx/CVE-2017-0335.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"ID" : "CVE-2017-0335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33043375. References: N-CVE-2017-0335."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2017-0335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01.html"
},
{
"name" : "96723",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96723"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33043375. References: N-CVE-2017-0335."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96723"
},
{
"name": "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01.html"
}
]
}
}

134
2017/1000xxx/CVE-2017-1000452.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-12-29",
"ID" : "CVE-2017-1000452",
"REQUESTER" : "cve@whitehats.nl",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "samlify",
"version" : {
"version_data" : [
{
"version_value" : "2.2 and earlier"
}
]
}
}
]
},
"vendor_name" : "tngan"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML Signature Wrapping (XSW)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000452",
"REQUESTER": "cve@whitehats.nl",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/tngan/samlify/releases/tag/v2.3.0",
"refsource" : "MISC",
"url" : "https://github.com/tngan/samlify/releases/tag/v2.3.0"
},
{
"name" : "https://www.whitehats.nl/blog/xml-signature-wrapping-samlify",
"refsource" : "MISC",
"url" : "https://www.whitehats.nl/blog/xml-signature-wrapping-samlify"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tngan/samlify/releases/tag/v2.3.0",
"refsource": "MISC",
"url": "https://github.com/tngan/samlify/releases/tag/v2.3.0"
},
{
"name": "https://www.whitehats.nl/blog/xml-signature-wrapping-samlify",
"refsource": "MISC",
"url": "https://www.whitehats.nl/blog/xml-signature-wrapping-samlify"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000461.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-12-29",
"ID" : "CVE-2017-1000461",
"REQUESTER" : "psnyde2@uic.edu",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Brave Browser",
"version" : {
"version_data" : [
{
"version_value" : "0.19.73"
}
]
}
}
]
},
"vendor_name" : "Brave Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the \"JS fingerprinting blocking\" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000461",
"REQUESTER": "psnyde2@uic.edu",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601",
"refsource" : "MISC",
"url" : "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the \"JS fingerprinting blocking\" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601",
"refsource": "MISC",
"url": "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601"
}
]
}
}

34
2017/16xxx/CVE-2017-16475.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16475",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-16475",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

208
2017/1xxx/CVE-2017-1329.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-07-03T00:00:00",
"ID" : "CVE-2017-1329",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
},
{
"version_value" : "5.0.x"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-07-03T00:00:00",
"ID": "CVE-2017-1329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "5.0.x"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
},
{
"name" : "ibm-rqm-cve20171329-html-injection(126231)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10716201",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
},
{
"name": "ibm-rqm-cve20171329-html-injection(126231)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126231"
}
]
}
}

296
2017/1xxx/CVE-2017-1474.json
View File

@ -1,150 +1,150 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-04T00:00:00",
"ID" : "CVE-2017-1474",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "7.0.0"
},
{
"version_value" : "8.0.0"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.0.1.2"
},
{
"version_value" : "8.0.1.3"
},
{
"version_value" : "8.0.1.4"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.0.1.0"
},
{
"version_value" : "9.0.2.0"
},
{
"version_value" : "8.0.1.5"
},
{
"version_value" : "9.0.2.1"
},
{
"version_value" : "9.0.3"
},
{
"version_value" : "9.0.3.1"
},
{
"version_value" : "8.0.1.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-04T00:00:00",
"ID": "CVE-2017-1474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "9.0.2.1"
},
{
"version_value": "9.0.3"
},
{
"version_value": "9.0.3.1"
},
{
"version_value": "8.0.1.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22012329",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name" : "104476",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104476"
},
{
"name" : "ibm-sam-cve20171474-info-disc(128606)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "5.300",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20171474-info-disc(128606)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012329",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name": "104476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104476"
}
]
}
}

148
2017/1xxx/CVE-2017-1483.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-09-25T00:00:00",
"ID" : "CVE-2017-1483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
},
{
"version_value" : "7.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-25T00:00:00",
"ID": "CVE-2017-1483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128621",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128621"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22007375",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22007375"
},
{
"name" : "101013",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101013"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101013"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007375",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007375"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128621",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128621"
}
]
}
}

34
2017/1xxx/CVE-2017-1648.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1648",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1648",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

226
2017/1xxx/CVE-2017-1649.json
View File

@ -1,115 +1,115 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-10-01T00:00:00",
"ID" : "CVE-2017-1649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "5.01"
},
{
"version_value" : "5.02"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133259."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-01T00:00:00",
"ID": "CVE-2017-1649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "5.01"
},
{
"version_value": "5.02"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078"
},
{
"name" : "ibm-rqm-cve20171649-xss(133259)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133259"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133259."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10733078",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10733078"
},
{
"name": "ibm-rqm-cve20171649-xss(133259)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133259"
}
]
}
}

34
2017/1xxx/CVE-2017-1912.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1912",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1912",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4185.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4185",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4185",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4373.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4373",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4373",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4418.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4418",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4418",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}