admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:29:47 +00:00
parent 5aad28da30
commit 3eff7fcd40
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4288 additions and 4288 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

280
2006/0xxx/CVE-2006-0120.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an \"Out Of Office\" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the \"Delete Attachment\" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007054",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument",
"refsource" : "CONFIRM",
"url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument"
},
{
"name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument",
"refsource" : "CONFIRM",
"url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument"
},
{
"name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument",
"refsource" : "CONFIRM",
"url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument"
},
{
"name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument",
"refsource" : "CONFIRM",
"url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument"
},
{
"name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument",
"refsource" : "CONFIRM",
"url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument"
},
{
"name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument",
"refsource" : "CONFIRM",
"url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument"
},
{
"name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument",
"refsource" : "CONFIRM",
"url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument"
},
{
"name" : "16158",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16158"
},
{
"name" : "ADV-2006-0081",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0081"
},
{
"name" : "18328",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18328"
},
{
"name" : "lotus-bmp-dos(24214)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24214"
},
{
"name" : "lotus-certificate-parsing-dos(24216)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24216"
},
{
"name" : "lotus-compact-dos(24213)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24213"
},
{
"name" : "lotus-delete-attachment-dos(24215)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24215"
},
{
"name" : "lotus-outofoffice-dos(24212)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24212"
},
{
"name" : "lotus-ssl-keyring-dos(24217)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24217"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an \"Out Of Office\" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the \"Delete Attachment\" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "lotus-outofoffice-dos(24212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24212"
},
{
"name": "lotus-bmp-dos(24214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24214"
},
{
"name": "16158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "lotus-compact-dos(24213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24213"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument"
},
{
"name": "lotus-delete-attachment-dos(24215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24215"
},
{
"name": "lotus-certificate-parsing-dos(24216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24216"
},
{
"name": "lotus-ssl-keyring-dos(24217)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24217"
},
{
"name": "18328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18328"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument"
},
{
"name": "ADV-2006-0081",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
]
}
}

170
2006/0xxx/CVE-2006-0432.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0432",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA06-119.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/176"
},
{
"name" : "16358",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16358"
},
{
"name" : "ADV-2006-0313",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0313"
},
{
"name" : "1015528",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015528"
},
{
"name" : "18592",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18592"
},
{
"name" : "weblogic-jdni-security-weakness(24299)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24299"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0313"
},
{
"name": "weblogic-jdni-security-weakness(24299)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24299"
},
{
"name": "1015528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015528"
},
{
"name": "18592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18592"
},
{
"name": "BEA06-119.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/176"
},
{
"name": "16358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16358"
}
]
}
}

160
2006/0xxx/CVE-2006-0805.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060218 [waraxe-2006-SA#045] - Bypassing CAPTCHA in phpNuke 6.x-7.9",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425394/100/0/threaded"
},
{
"name" : "http://www.waraxe.us/advisory-45.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-45.html"
},
{
"name" : "16722",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16722"
},
{
"name" : "18936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18936"
},
{
"name" : "455",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/455"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16722"
},
{
"name": "455",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/455"
},
{
"name": "20060218 [waraxe-2006-SA#045] - Bypassing CAPTCHA in phpNuke 6.x-7.9",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425394/100/0/threaded"
},
{
"name": "18936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18936"
},
{
"name": "http://www.waraxe.us/advisory-45.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-45.html"
}
]
}
}

170
2006/3xxx/CVE-2006-3030.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping Cart 1.1.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ToCategory and (2) FromCategory parameters to (a) ProductDetailsForm.asp and (3) UserName and (4) Password parameters to (b) LogIn/VerifyUserLog.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/dwzone-shopping-cart-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/dwzone-shopping-cart-xss-vuln.html"
},
{
"name" : "ADV-2006-2291",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2291"
},
{
"name" : "26401",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26401"
},
{
"name" : "26402",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26402"
},
{
"name" : "20603",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20603"
},
{
"name" : "dwzone-productdetailsform-xss(27032)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping Cart 1.1.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ToCategory and (2) FromCategory parameters to (a) ProductDetailsForm.asp and (3) UserName and (4) Password parameters to (b) LogIn/VerifyUserLog.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20603",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20603"
},
{
"name": "26402",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26402"
},
{
"name": "26401",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26401"
},
{
"name": "ADV-2006-2291",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2291"
},
{
"name": "http://pridels0.blogspot.com/2006/06/dwzone-shopping-cart-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/dwzone-shopping-cart-xss-vuln.html"
},
{
"name": "dwzone-productdetailsform-xss(27032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27032"
}
]
}
}

170
2006/3xxx/CVE-2006-3602.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.php in FarsiNews 3.0 BETA 1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the language parameter in the advanced theme."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060710 Local file inclusion in Farsinews3.0BETA1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439664/100/0/threaded"
},
{
"name" : "20060721 SECURITY UPDATE::Farsinews release FarsiNewsPro3.0Stable1SecurityPath1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440757/100/0/threaded"
},
{
"name" : "http://forum.farsinewsteam.com/showthread.php?p=16",
"refsource" : "MISC",
"url" : "http://forum.farsinewsteam.com/showthread.php?p=16"
},
{
"name" : "18925",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18925"
},
{
"name" : "1016464",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016464"
},
{
"name" : "farsinews-tinymcegzip-file-include(27650)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27650"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.php in FarsiNews 3.0 BETA 1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the language parameter in the advanced theme."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016464",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016464"
},
{
"name": "http://forum.farsinewsteam.com/showthread.php?p=16",
"refsource": "MISC",
"url": "http://forum.farsinewsteam.com/showthread.php?p=16"
},
{
"name": "20060721 SECURITY UPDATE::Farsinews release FarsiNewsPro3.0Stable1SecurityPath1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440757/100/0/threaded"
},
{
"name": "18925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18925"
},
{
"name": "farsinews-tinymcegzip-file-include(27650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27650"
},
{
"name": "20060710 Local file inclusion in Farsinews3.0BETA1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439664/100/0/threaded"
}
]
}
}

200
2006/3xxx/CVE-2006-3670.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3670",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to execute arbitrary code via a long string in a request to TCP port 515."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060727 Buffer Overflow Vulnerability in Winlpd",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441302/100/0/threaded"
},
{
"name" : "http://foro.elhacker.net/index.php/topic,131756.htm",
"refsource" : "MISC",
"url" : "http://foro.elhacker.net/index.php/topic,131756.htm"
},
{
"name" : "2014",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2014"
},
{
"name" : "19011",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19011"
},
{
"name" : "ADV-2006-2823",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2823"
},
{
"name" : "27332",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=27332"
},
{
"name" : "1016510",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016510"
},
{
"name" : "21058",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21058"
},
{
"name" : "winlpd-long-request-bo(27759)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27759"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to execute arbitrary code via a long string in a request to TCP port 515."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2823",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2823"
},
{
"name": "27332",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=27332"
},
{
"name": "20060727 Buffer Overflow Vulnerability in Winlpd",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441302/100/0/threaded"
},
{
"name": "http://foro.elhacker.net/index.php/topic,131756.htm",
"refsource": "MISC",
"url": "http://foro.elhacker.net/index.php/topic,131756.htm"
},
{
"name": "winlpd-long-request-bo(27759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27759"
},
{
"name": "2014",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2014"
},
{
"name": "21058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21058"
},
{
"name": "19011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19011"
},
{
"name": "1016510",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016510"
}
]
}
}

190
2006/3xxx/CVE-2006-3841.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060718 WebScarab <= 20060621-0003 cross site scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440441/100/0/threaded"
},
{
"name" : "20060718 WebScarab <= 20060621-0003 cross site scripting",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047995.html"
},
{
"name" : "http://moritz-naumann.com/adv/0012/webscarabxss/0012.txt",
"refsource" : "MISC",
"url" : "http://moritz-naumann.com/adv/0012/webscarabxss/0012.txt"
},
{
"name" : "19063",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19063"
},
{
"name" : "ADV-2006-2878",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2878"
},
{
"name" : "21114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21114"
},
{
"name" : "1276",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1276"
},
{
"name" : "webscarab-uri-xss(27797)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27797"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1276",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1276"
},
{
"name": "19063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19063"
},
{
"name": "20060718 WebScarab <= 20060621-0003 cross site scripting",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047995.html"
},
{
"name": "http://moritz-naumann.com/adv/0012/webscarabxss/0012.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0012/webscarabxss/0012.txt"
},
{
"name": "20060718 WebScarab <= 20060621-0003 cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440441/100/0/threaded"
},
{
"name": "webscarab-uri-xss(27797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27797"
},
{
"name": "ADV-2006-2878",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2878"
},
{
"name": "21114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21114"
}
]
}
}

170
2006/3xxx/CVE-2006-3984.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060730 PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441716/100/0/threaded"
},
{
"name" : "http://www.bb-pcsecurity.de/sicherheit_264.htm",
"refsource" : "MISC",
"url" : "http://www.bb-pcsecurity.de/sicherheit_264.htm"
},
{
"name" : "2100",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2100"
},
{
"name" : "19254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19254"
},
{
"name" : "1320",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1320"
},
{
"name" : "phpadsnew-viewinc-file-include(28110)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28110"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1320",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1320"
},
{
"name": "http://www.bb-pcsecurity.de/sicherheit_264.htm",
"refsource": "MISC",
"url": "http://www.bb-pcsecurity.de/sicherheit_264.htm"
},
{
"name": "phpadsnew-viewinc-file-include(28110)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28110"
},
{
"name": "20060730 PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441716/100/0/threaded"
},
{
"name": "19254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19254"
},
{
"name": "2100",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2100"
}
]
}
}

34
2006/4xxx/CVE-2006-4100.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4100",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4100",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2006/4xxx/CVE-2006-4263.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060818 mambo-phphop Product Scroller Module R.F.I",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443623/100/0/threaded"
},
{
"name" : "19591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19591"
},
{
"name" : "28151",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28151"
},
{
"name" : "28152",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28152"
},
{
"name" : "28153",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28153"
},
{
"name" : "28154",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28154"
},
{
"name" : "28155",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28155"
},
{
"name" : "28156",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28156"
},
{
"name" : "28158",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28158"
},
{
"name" : "phpshop-toolbarphpshop-file-include(28441)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28441"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19591"
},
{
"name": "28153",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28153"
},
{
"name": "28152",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28152"
},
{
"name": "28158",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28158"
},
{
"name": "28155",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28155"
},
{
"name": "28151",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28151"
},
{
"name": "20060818 mambo-phphop Product Scroller Module R.F.I",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443623/100/0/threaded"
},
{
"name": "phpshop-toolbarphpshop-file-include(28441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28441"
},
{
"name": "28156",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28156"
},
{
"name": "28154",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28154"
}
]
}
}

170
2006/6xxx/CVE-2006-6049.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061111 shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451347/100/100/threaded"
},
{
"name" : "21030",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21030"
},
{
"name" : "ADV-2006-4503",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4503"
},
{
"name" : "30370",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30370"
},
{
"name" : "22870",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22870"
},
{
"name" : "shambo2-mosconfigabsoluetpath-file-include(30235)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30370",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30370"
},
{
"name": "20061111 shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451347/100/100/threaded"
},
{
"name": "shambo2-mosconfigabsoluetpath-file-include(30235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30235"
},
{
"name": "21030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21030"
},
{
"name": "22870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22870"
},
{
"name": "ADV-2006-4503",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4503"
}
]
}
}

230
2006/6xxx/CVE-2006-6127.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://projects.info-pull.com/mokb/MOKB-24-11-2006.html",
"refsource" : "MISC",
"url" : "http://projects.info-pull.com/mokb/MOKB-24-11-2006.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307041",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name" : "APPLE-SA-2007-11-14",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"name" : "TA07-319A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name" : "21285",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21285"
},
{
"name" : "26444",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26444"
},
{
"name" : "ADV-2006-4715",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4715"
},
{
"name" : "ADV-2007-3868",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name" : "30695",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30695"
},
{
"name" : "23114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23114"
},
{
"name" : "27643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27643"
},
{
"name" : "macosx-kqueue-dos(30544)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30544"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "macosx-kqueue-dos(30544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30544"
},
{
"name": "21285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21285"
},
{
"name": "APPLE-SA-2007-11-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307041",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "ADV-2006-4715",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4715"
},
{
"name": "23114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23114"
},
{
"name": "ADV-2007-3868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "27643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27643"
},
{
"name": "http://projects.info-pull.com/mokb/MOKB-24-11-2006.html",
"refsource": "MISC",
"url": "http://projects.info-pull.com/mokb/MOKB-24-11-2006.html"
},
{
"name": "TA07-319A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name": "30695",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30695"
}
]
}
}

160
2006/7xxx/CVE-2006-7210.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2194",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2194"
},
{
"name" : "2204",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2204"
},
{
"name" : "2210",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2210"
},
{
"name" : "http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=6",
"refsource" : "MISC",
"url" : "http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=6"
},
{
"name" : "19520",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19520"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2204",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2204"
},
{
"name": "19520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19520"
},
{
"name": "2210",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2210"
},
{
"name": "2194",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2194"
},
{
"name": "http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=6",
"refsource": "MISC",
"url": "http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=6"
}
]
}
}

140
2010/2xxx/CVE-2010-2235.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz",
"refsource" : "CONFIRM",
"url" : "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=607662",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=607662"
},
{
"name" : "RHSA-2010:0775",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0775.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=607662",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607662"
},
{
"name": "RHSA-2010:0775",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0775.html"
},
{
"name": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz",
"refsource": "CONFIRM",
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
]
}
}

190
2010/2xxx/CVE-2010-2306.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2306",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100610 ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511792/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-107/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-107/"
},
{
"name" : "https://support.sourcefire.com/notices/notice/1437",
"refsource" : "MISC",
"url" : "https://support.sourcefire.com/notices/notice/1437"
},
{
"name" : "65470",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65470"
},
{
"name" : "1024092",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024092"
},
{
"name" : "40143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40143"
},
{
"name" : "ADV-2010-1438",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1438"
},
{
"name" : "sourcefire3d-ssl-mitm(59380)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59380"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65470",
"refsource": "OSVDB",
"url": "http://osvdb.org/65470"
},
{
"name": "https://support.sourcefire.com/notices/notice/1437",
"refsource": "MISC",
"url": "https://support.sourcefire.com/notices/notice/1437"
},
{
"name": "40143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40143"
},
{
"name": "1024092",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024092"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-107/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-107/"
},
{
"name": "ADV-2010-1438",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1438"
},
{
"name": "20100610 ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511792/100/0/threaded"
},
{
"name": "sourcefire3d-ssl-mitm(59380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59380"
}
]
}
}

170
2010/2xxx/CVE-2010-2320.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298"
},
{
"name" : "http://security-tracker.debian.org/tracker/CVE-2010-2320",
"refsource" : "CONFIRM",
"url" : "http://security-tracker.debian.org/tracker/CVE-2010-2320"
},
{
"name" : "http://www.eterna.com.au/bozohttpd/CHANGES",
"refsource" : "CONFIRM",
"url" : "http://www.eterna.com.au/bozohttpd/CHANGES"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473"
},
{
"name" : "40737",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40737"
},
{
"name" : "bozohttp-publichtml-info-disclosure(60812)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60812"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eterna.com.au/bozohttpd/CHANGES",
"refsource": "CONFIRM",
"url": "http://www.eterna.com.au/bozohttpd/CHANGES"
},
{
"name": "40737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40737"
},
{
"name": "bozohttp-publichtml-info-disclosure(60812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60812"
},
{
"name": "http://security-tracker.debian.org/tracker/CVE-2010-2320",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2320"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298"
}
]
}
}

130
2010/2xxx/CVE-2010-2395.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2409 and CVE-2010-2410."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-2395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2409 and CVE-2010-2410."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

130
2010/2xxx/CVE-2010-2840.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2840",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
},
{
"name" : "ADV-2010-2186",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2186"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2186",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
]
}
}

170
2010/3xxx/CVE-2010-3082.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100909 CVE Assignment: django",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128403961700444&w=2"
},
{
"name" : "http://www.djangoproject.com/weblog/2010/sep/08/security-release/",
"refsource" : "CONFIRM",
"url" : "http://www.djangoproject.com/weblog/2010/sep/08/security-release/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=632239",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=632239"
},
{
"name" : "USN-1004-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1004-1"
},
{
"name" : "43116",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43116"
},
{
"name" : "django-token-csrf(61729)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1004-1"
},
{
"name": "django-token-csrf(61729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61729"
},
{
"name": "43116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43116"
},
{
"name": "[oss-security] 20100909 CVE Assignment: django",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128403961700444&w=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=632239",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=632239"
},
{
"name": "http://www.djangoproject.com/weblog/2010/sep/08/security-release/",
"refsource": "CONFIRM",
"url": "http://www.djangoproject.com/weblog/2010/sep/08/security-release/"
}
]
}
}

190
2011/0xxx/CVE-2011-0018.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515971/100/0/threaded"
},
{
"name" : "16086",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16086"
},
{
"name" : "http://www.openvas.org/OVSA20110118.html",
"refsource" : "CONFIRM",
"url" : "http://www.openvas.org/OVSA20110118.html"
},
{
"name" : "45987",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45987"
},
{
"name" : "70639",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70639"
},
{
"name" : "43037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43037"
},
{
"name" : "ADV-2011-0208",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0208"
},
{
"name" : "openvas-email-command-execution(65011)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515971/100/0/threaded"
},
{
"name": "43037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43037"
},
{
"name": "45987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45987"
},
{
"name": "http://www.openvas.org/OVSA20110118.html",
"refsource": "CONFIRM",
"url": "http://www.openvas.org/OVSA20110118.html"
},
{
"name": "ADV-2011-0208",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0208"
},
{
"name": "70639",
"refsource": "OSVDB",
"url": "http://osvdb.org/70639"
},
{
"name": "16086",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16086"
},
{
"name": "openvas-email-command-execution(65011)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65011"
}
]
}
}

180
2011/0xxx/CVE-2011-0123.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0123",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4554",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4554"
},
{
"name" : "http://support.apple.com/kb/HT4564",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4564"
},
{
"name" : "http://support.apple.com/kb/HT4566",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4566"
},
{
"name" : "APPLE-SA-2011-03-02-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2011-03-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name" : "APPLE-SA-2011-03-09-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name" : "oval:org.mitre.oval:def:17018",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4564",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4564"
},
{
"name": "oval:org.mitre.oval:def:17018",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17018"
},
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "APPLE-SA-2011-03-02-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT4554",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4554"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
}
]
}
}

34
2011/0xxx/CVE-2011-0305.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0305",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0305",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2011/0xxx/CVE-2011-0588.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0570."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name" : "46254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46254"
},
{
"name" : "oval:org.mitre.oval:def:12378",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12378"
},
{
"name" : "1025033",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025033"
},
{
"name" : "ADV-2011-0337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name" : "adobe-reader-dll-code-exec(65293)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65293"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0570."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12378",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12378"
},
{
"name": "46254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46254"
},
{
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name": "adobe-reader-dll-code-exec(65293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65293"
}
]
}
}

160
2011/0xxx/CVE-2011-0735.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a \"tag script.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110128 Vulnerabilities in Adobe ColdFusion",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html"
},
{
"name" : "http://websecurity.com.ua/4879/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/4879/"
},
{
"name" : "http://kb2.adobe.com/cps/890/cpsid_89094.html",
"refsource" : "CONFIRM",
"url" : "http://kb2.adobe.com/cps/890/cpsid_89094.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-04.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-04.html"
},
{
"name" : "70779",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70779"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a \"tag script.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70779",
"refsource": "OSVDB",
"url": "http://osvdb.org/70779"
},
{
"name": "http://websecurity.com.ua/4879/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/4879/"
},
{
"name": "http://kb2.adobe.com/cps/890/cpsid_89094.html",
"refsource": "CONFIRM",
"url": "http://kb2.adobe.com/cps/890/cpsid_89094.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html"
},
{
"name": "20110128 Vulnerabilities in Adobe ColdFusion",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html"
}
]
}
}

180
2011/1xxx/CVE-2011-1208.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1208",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite and (2) rpc_test_svc_done commands, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-142/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-142/"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21496106",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21496106"
},
{
"name" : "47584",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47584"
},
{
"name" : "1025451",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025451"
},
{
"name" : "44380",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44380"
},
{
"name" : "ADV-2011-1117",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1117"
},
{
"name" : "soliddb-null-pointer-dos(67019)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67019"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite and (2) rpc_test_svc_done commands, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025451",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025451"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-142/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-142/"
},
{
"name": "44380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44380"
},
{
"name": "ADV-2011-1117",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1117"
},
{
"name": "47584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47584"
},
{
"name": "soliddb-null-pointer-dos(67019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67019"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21496106",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21496106"
}
]
}
}

220
2011/1xxx/CVE-2011-1507.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1507",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://downloads.digium.com/pub/security/AST-2011-005.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.digium.com/pub/security/AST-2011-005.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=698916",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
},
{
"name" : "DSA-2225",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2225"
},
{
"name" : "FEDORA-2011-5835",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
},
{
"name" : "FEDORA-2011-6208",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
},
{
"name" : "1025432",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025432"
},
{
"name" : "44197",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44197"
},
{
"name" : "44529",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44529"
},
{
"name" : "ADV-2011-1086",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1086"
},
{
"name" : "ADV-2011-1107",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1107"
},
{
"name" : "ADV-2011-1188",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1188"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-1188",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1188"
},
{
"name": "FEDORA-2011-5835",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html"
},
{
"name": "DSA-2225",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "1025432",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025432"
},
{
"name": "ADV-2011-1086",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1086"
},
{
"name": "ADV-2011-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1107"
},
{
"name": "44529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44529"
},
{
"name": "FEDORA-2011-6208",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2011-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2011-005.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=698916",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=698916"
},
{
"name": "44197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44197"
}
]
}
}

180
2011/1xxx/CVE-2011-1519.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110322 ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-110",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
},
{
"name" : "46985",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46985"
},
{
"name" : "1025241",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025241"
},
{
"name" : "43860",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43860"
},
{
"name" : "8164",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8164"
},
{
"name" : "ADV-2011-0758",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0758"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-110",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
},
{
"name": "ADV-2011-0758",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0758"
},
{
"name": "1025241",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025241"
},
{
"name": "20110322 ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"name": "43860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43860"
},
{
"name": "46985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46985"
},
{
"name": "8164",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8164"
}
]
}
}

180
2011/1xxx/CVE-2011-1700.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110606 ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/518267/100/0/threaded"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-173/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-173/"
},
{
"name" : "http://download.novell.com/Download?buildid=6_bNby38ERg~",
"refsource" : "CONFIRM",
"url" : "http://download.novell.com/Download?buildid=6_bNby38ERg~"
},
{
"name" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008722",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008722"
},
{
"name" : "48124",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48124"
},
{
"name" : "1025606",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025606"
},
{
"name" : "44811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44811"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-173/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-173/"
},
{
"name": "1025606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025606"
},
{
"name": "20110606 ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518267/100/0/threaded"
},
{
"name": "http://download.novell.com/Download?buildid=6_bNby38ERg~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=6_bNby38ERg~"
},
{
"name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008722",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008722"
},
{
"name": "44811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44811"
},
{
"name": "48124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48124"
}
]
}
}

140
2011/1xxx/CVE-2011-1991.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1991",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka \"Windows Components Insecure Library Loading Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-071",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-071"
},
{
"name" : "TA11-256A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"name" : "oval:org.mitre.oval:def:12871",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12871"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka \"Windows Components Insecure Library Loading Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-071",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-071"
},
{
"name": "oval:org.mitre.oval:def:12871",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12871"
},
{
"name": "TA11-256A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
]
}
}

120
2011/5xxx/CVE-2011-5143.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "47139",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47139"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47139"
}
]
}
}

170
2014/3xxx/CVE-2014-3080.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "34132",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/34132/"
},
{
"name" : "20140721 IBM GCM16/32 v1.20.0.22575 vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/113"
},
{
"name" : "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html"
},
{
"name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
},
{
"name" : "68777",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68777"
},
{
"name" : "ibm-gcm-cve20143080-xss(93929)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html"
},
{
"name": "68777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68777"
},
{
"name": "34132",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34132/"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
},
{
"name": "20140721 IBM GCM16/32 v1.20.0.22575 vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/113"
},
{
"name": "ibm-gcm-cve20143080-xss(93929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93929"
}
]
}
}

140
2014/3xxx/CVE-2014-3749.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140519 Construtiva CIS Manager CMS POST SQLi",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532155/100/0/threaded"
},
{
"name" : "20140516 [CVE-2014-3749] Construtiva CIS Manager CMS POST SQLi",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/May/73"
},
{
"name" : "67442",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67442"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67442"
},
{
"name": "20140519 Construtiva CIS Manager CMS POST SQLi",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532155/100/0/threaded"
},
{
"name": "20140516 [CVE-2014-3749] Construtiva CIS Manager CMS POST SQLi",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/73"
}
]
}
}

160
2014/3xxx/CVE-2014-3755.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3755",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/15/4"
},
{
"name" : "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/15/1"
},
{
"name" : "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814",
"refsource" : "MISC",
"url" : "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814"
},
{
"name" : "http://mumble.info/security/Mumble-SA-2014-005.txt",
"refsource" : "CONFIRM",
"url" : "http://mumble.info/security/Mumble-SA-2014-005.txt"
},
{
"name" : "67400",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67400"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mumble.info/security/Mumble-SA-2014-005.txt",
"refsource": "CONFIRM",
"url": "http://mumble.info/security/Mumble-SA-2014-005.txt"
},
{
"name": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814",
"refsource": "MISC",
"url": "https://qt.gitorious.org/qt/mumble-developers-qt/commit/2147fa767980fe27a14f018b1528dbf880b96814"
},
{
"name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"
},
{
"name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"
},
{
"name": "67400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67400"
}
]
}
}

34
2014/3xxx/CVE-2014-3826.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3826",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3826",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

220
2014/6xxx/CVE-2014-6427.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6427",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2014-17.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2014-17.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10381",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10381"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73959159dbf34b4a0b50fbd19e05cb1b470be9b0",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73959159dbf34b4a0b50fbd19e05cb1b470be9b0"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1676",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1676"
},
{
"name" : "DSA-3049",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3049"
},
{
"name" : "RHSA-2014:1676",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1676.html"
},
{
"name" : "SUSE-SU-2014:1221",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html"
},
{
"name" : "openSUSE-SU-2014:1249",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html"
},
{
"name" : "60578",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60578"
},
{
"name" : "60280",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60280"
},
{
"name" : "61929",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1676",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1676"
},
{
"name": "openSUSE-SU-2014:1249",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10381",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10381"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2014-17.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2014-17.html"
},
{
"name": "RHSA-2014:1676",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1676.html"
},
{
"name": "DSA-3049",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3049"
},
{
"name": "SUSE-SU-2014:1221",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html"
},
{
"name": "60280",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60280"
},
{
"name": "60578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60578"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73959159dbf34b4a0b50fbd19e05cb1b470be9b0",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73959159dbf34b4a0b50fbd19e05cb1b470be9b0"
},
{
"name": "61929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61929"
}
]
}
}

140
2014/6xxx/CVE-2014-6742.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6742",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The All around Cyprus (aka com.cyprus.newspapers) application 2.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#512361",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/512361"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The All around Cyprus (aka com.cyprus.newspapers) application 2.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#512361",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/512361"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6753.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#433513",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/433513"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#433513",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/433513"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

150
2014/7xxx/CVE-2014-7158.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7158",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140927 XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite (CVE-2014-7157, CVE-2014-7158)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Sep/108"
},
{
"name" : "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html"
},
{
"name" : "70161",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70161"
},
{
"name" : "exindawan-cve20147158-csrf(96702)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96702"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html"
},
{
"name": "exindawan-cve20147158-csrf(96702)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96702"
},
{
"name": "70161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70161"
},
{
"name": "20140927 XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite (CVE-2014-7157, CVE-2014-7158)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/108"
}
]
}
}

120
2014/7xxx/CVE-2014-7170.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7170",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://puppetlabs.com/security/cve/cve-2014-7170",
"refsource" : "CONFIRM",
"url" : "http://puppetlabs.com/security/cve/cve-2014-7170"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2014-7170",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2014-7170"
}
]
}
}

34
2014/7xxx/CVE-2014-7305.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7305",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7305",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2016/2xxx/CVE-2016-2001.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2001",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073504",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073504"
},
{
"name" : "1035505",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073504",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073504"
},
{
"name": "1035505",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035505"
}
]
}
}

130
2016/2xxx/CVE-2016-2010.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2010",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564"
},
{
"name" : "1035767",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035767",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035767"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564"
}
]
}
}

34
2016/2xxx/CVE-2016-2253.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2253",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2253",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

130
2016/2xxx/CVE-2016-2565.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0002",
"refsource" : "MISC",
"url" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0002"
},
{
"name" : "97658",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97658"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97658"
},
{
"name": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0002",
"refsource": "MISC",
"url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0002"
}
]
}
}

34
2016/2xxx/CVE-2016-2891.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2891",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2891",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

156
2017/0xxx/CVE-2017-0464.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0464",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32940193. References: QC-CR#1102593."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f"
},
{
"name" : "96735",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96735"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32940193. References: QC-CR#1102593."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f"
},
{
"name": "96735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96735"
}
]
}
}

158
2017/18xxx/CVE-2017-18037.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2017-02-02T00:00:00",
"ID" : "CVE-2017-18037",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Bitbucket Server",
"version" : {
"version_data" : [
{
"version_value" : "from 3.7.0 prior to 4.14.11"
},
{
"version_value" : "from 5.0.0 prior to 5.0.9"
},
{
"version_value" : "from 5.1.0 prior to 5.1.8"
},
{
"version_value" : "from 5.2.0 prior to 5.2.6"
},
{
"version_value" : "from 5.3.0 prior to 5.3.4"
},
{
"version_value" : "from 5.4.0 prior to 5.4.2"
},
{
"version_value" : "from 5.5.0 prior to 5.5.1"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-02-02T00:00:00",
"ID": "CVE-2017-18037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitbucket Server",
"version": {
"version_data": [
{
"version_value": "from 3.7.0 prior to 4.14.11"
},
{
"version_value": "from 5.0.0 prior to 5.0.9"
},
{
"version_value": "from 5.1.0 prior to 5.1.8"
},
{
"version_value": "from 5.2.0 prior to 5.2.6"
},
{
"version_value": "from 5.3.0 prior to 5.3.4"
},
{
"version_value": "from 5.4.0 prior to 5.4.2"
},
{
"version_value": "from 5.5.0 prior to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/BSERV-10595",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/BSERV-10595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/BSERV-10595",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/BSERV-10595"
}
]
}
}

180
2017/18xxx/CVE-2017-18248.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18248",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180526 [SECURITY] [DLA 1387-1] cups security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html"
},
{
"name" : "[debian-lts-announce] 20180703 [SECURITY] [DLA 1412-1] cups security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
},
{
"name" : "https://security.cucumberlinux.com/security/details.php?id=346",
"refsource" : "MISC",
"url" : "https://security.cucumberlinux.com/security/details.php?id=346"
},
{
"name" : "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3",
"refsource" : "CONFIRM",
"url" : "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
},
{
"name" : "https://github.com/apple/cups/issues/5143",
"refsource" : "CONFIRM",
"url" : "https://github.com/apple/cups/issues/5143"
},
{
"name" : "https://github.com/apple/cups/releases/tag/v2.2.6",
"refsource" : "CONFIRM",
"url" : "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"name" : "USN-3713-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3713-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180526 [SECURITY] [DLA 1387-1] cups security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html"
},
{
"name": "https://github.com/apple/cups/issues/5143",
"refsource": "CONFIRM",
"url": "https://github.com/apple/cups/issues/5143"
},
{
"name": "[debian-lts-announce] 20180703 [SECURITY] [DLA 1412-1] cups security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
},
{
"name": "USN-3713-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3713-1/"
},
{
"name": "https://security.cucumberlinux.com/security/details.php?id=346",
"refsource": "MISC",
"url": "https://security.cucumberlinux.com/security/details.php?id=346"
},
{
"name": "https://github.com/apple/cups/releases/tag/v2.2.6",
"refsource": "CONFIRM",
"url": "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"name": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3",
"refsource": "CONFIRM",
"url": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
}
]
}
}

288
2017/1xxx/CVE-2017-1294.json
View File

@ -1,146 +1,146 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-28T00:00:00",
"ID" : "CVE-2017-1294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
}
]
}
},
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-28T00:00:00",
"ID": "CVE-2017-1294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www-prd-trops.events.ibm.com/node/715749",
"refsource" : "CONFIRM",
"url" : "https://www-prd-trops.events.ibm.com/node/715749"
},
{
"name" : "ibm-rqm-cve20171294-xss(125155)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-prd-trops.events.ibm.com/node/715749",
"refsource": "CONFIRM",
"url": "https://www-prd-trops.events.ibm.com/node/715749"
},
{
"name": "ibm-rqm-cve20171294-xss(125155)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125155"
}
]
}
}

178
2017/1xxx/CVE-2017-1297.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.1"
},
{
"version_value": "9.7"
},
{
"version_value": "11.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42260",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42260/"
},
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125159",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125159"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004878",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004878"
},
{
"name" : "99271",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99271"
},
{
"name" : "1038772",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038772"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99271"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125159",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125159"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004878",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004878"
},
{
"name": "1038772",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038772"
},
{
"name": "42260",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42260/"
}
]
}
}

188
2017/1xxx/CVE-2017-1544.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-07-17T00:00:00",
"ID" : "CVE-2017-1544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling File Gateway",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0"
},
{
"version_value" : "2.2.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "P",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "2.400",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-07-17T00:00:00",
"ID": "CVE-2017-1544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling File Gateway",
"version": {
"version_data": [
{
"version_value": "2.2.0"
},
{
"version_value": "2.2.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716997",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716997"
},
{
"name" : "104885",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104885"
},
{
"name" : "ibm-sterling-cve20171544-info-disc(130812)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130812"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "P",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "2.400",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104885"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10716997",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10716997"
},
{
"name": "ibm-sterling-cve20171544-info-disc(130812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130812"
}
]
}
}

34
2017/1xxx/CVE-2017-1674.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1674",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1674",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/5xxx/CVE-2017-5001.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2017-5001",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"version" : {
"version_data" : [
{
"version_value" : "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-5001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1",
"version": {
"version_data": [
{
"version_value": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2017/Jun/49",
"refsource" : "CONFIRM",
"url" : "http://seclists.org/fulldisclosure/2017/Jun/49"
},
{
"name" : "99354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99354"
},
{
"name" : "1038815",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038815"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99354"
},
{
"name": "1038815",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038815"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jun/49",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Jun/49"
}
]
}
}

180
2017/5xxx/CVE-2017-5029.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "integer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/676623",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/676623"
},
{
"name" : "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5",
"refsource" : "CONFIRM",
"url" : "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5"
},
{
"name" : "DSA-3810",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3810"
},
{
"name" : "RHSA-2017:0499",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
},
{
"name" : "96767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96767"
},
{
"name" : "1038157",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"name": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5"
},
{
"name": "1038157",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038157"
},
{
"name": "https://crbug.com/676623",
"refsource": "CONFIRM",
"url": "https://crbug.com/676623"
},
{
"name": "DSA-3810",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3810"
},
{
"name": "96767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96767"
},
{
"name": "RHSA-2017:0499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
}
]
}
}

170
2017/5xxx/CVE-2017-5066.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/690821",
"refsource" : "MISC",
"url" : "https://crbug.com/690821"
},
{
"name" : "GLSA-201705-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-02"
},
{
"name" : "RHSA-2017:1124",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name" : "97939",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97939"
},
{
"name" : "1038317",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "https://crbug.com/690821",
"refsource": "MISC",
"url": "https://crbug.com/690821"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}

140
2017/5xxx/CVE-2017-5346.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code610.blogspot.com/2017/01/genixcms-sql-injection-quick-autopsy.html",
"refsource" : "MISC",
"url" : "http://code610.blogspot.com/2017/01/genixcms-sql-injection-quick-autopsy.html"
},
{
"name" : "https://github.com/semplon/GeniXCMS/issues/61",
"refsource" : "MISC",
"url" : "https://github.com/semplon/GeniXCMS/issues/61"
},
{
"name" : "95655",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code610.blogspot.com/2017/01/genixcms-sql-injection-quick-autopsy.html",
"refsource": "MISC",
"url": "http://code610.blogspot.com/2017/01/genixcms-sql-injection-quick-autopsy.html"
},
{
"name": "95655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95655"
},
{
"name": "https://github.com/semplon/GeniXCMS/issues/61",
"refsource": "MISC",
"url": "https://github.com/semplon/GeniXCMS/issues/61"
}
]
}
}