admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:03:11 +00:00
parent e675b7d7b7
commit 42a85c5f9e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3892 additions and 3892 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
2006/3xxx/CVE-2006-3168.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3168",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3168",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php."
"lang": "eng",
"value": "SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060611 CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
"name": "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.cs-forum.643.html"
},
{
"name" : "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource" : "MISC",
"url" : "http://www.acid-root.new.fr/advisories/csforum081.txt"
"name": "20534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20534"
},
{
"name" : "http://www.comscripts.com/scripts/php.cs-forum.643.html",
"refsource" : "CONFIRM",
"url" : "http://www.comscripts.com/scripts/php.cs-forum.643.html"
"name": "ADV-2006-2314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2314"
},
{
"name" : "ADV-2006-2314",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2314"
"name": "csforum-read-index-sql-injection(27176)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176"
},
{
"name" : "26382",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26382"
"name": "20060611 CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded"
},
{
"name" : "26383",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26383"
"name": "http://www.acid-root.new.fr/advisories/csforum081.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/csforum081.txt"
},
{
"name" : "20534",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20534"
"name": "1124",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1124"
},
{
"name" : "1124",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1124"
"name": "26383",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26383"
},
{
"name" : "csforum-read-index-sql-injection(27176)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176"
"name": "26382",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26382"
}
]
}

104
2006/3xxx/CVE-2006-3292.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3292",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3292",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the \"LIKE\" keyword in the searchdata parameter (search field)."
"lang": "eng",
"value": "SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the \"LIKE\" keyword in the searchdata parameter (search field)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060626 Jaws <= 0.6.2 'Search gadget' SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
"name": "http://retrogod.altervista.org/JAWS_062_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name" : "http://retrogod.altervista.org/JAWS_062_sql.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/JAWS_062_sql.html"
"name": "20842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20842"
},
{
"name" : "http://www.jaws-project.com/index.php?blog/show/29",
"refsource" : "CONFIRM",
"url" : "http://www.jaws-project.com/index.php?blog/show/29"
"name": "jaws-search-gadget-sql-injection(27334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27334"
},
{
"name" : "18665",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18665"
"name": "http://www.jaws-project.com/index.php?blog/show/29",
"refsource": "CONFIRM",
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name" : "ADV-2006-2546",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2546"
"name": "1165",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1165"
},
{
"name" : "20842",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20842"
"name": "20060626 Jaws <= 0.6.2 'Search gadget' SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name" : "1165",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1165"
"name": "ADV-2006-2546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name" : "jaws-search-gadget-sql-injection(27334)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27334"
"name": "18665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18665"
}
]
}

68
2006/3xxx/CVE-2006-3834.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3834",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3834",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to index.php, which allows context-dependent attackers to obtain entry passwords via log files, referrers, or other vectors."
"lang": "eng",
"value": "EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to index.php, which allows context-dependent attackers to obtain entry passwords via log files, referrers, or other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060712 TOPo v.2.2.178 Account Reset",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439890/100/100/threaded"
"name": "1279",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1279"
},
{
"name" : "1279",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1279"
"name": "20060712 TOPo v.2.2.178 Account Reset",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439890/100/100/threaded"
}
]
}

182
2006/4xxx/CVE-2006-4573.json
View File

@ -1,161 +1,161 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4573",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4573",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the \"utf8 combining characters handling\" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences."
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the \"utf8 combining characters handling\" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[screen-users] 20061023 Secfix release for screen: screen-4.0.3",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html"
"name": "http://docs.info.apple.com/article.html?artnum=305530",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name" : "https://issues.rpath.com/browse/RPL-734",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-734"
"name": "ADV-2007-1939",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305530",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305530"
"name": "SSA:2006-307-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.480775"
},
{
"name" : "APPLE-SA-2007-05-24",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
"name": "MDKSA-2006:191",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:191"
},
{
"name" : "DSA-1202",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1202"
"name": "ADV-2006-4189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4189"
},
{
"name" : "GLSA-200611-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200611-01.xml"
"name": "DSA-1202",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1202"
},
{
"name" : "MDKSA-2006:191",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:191"
"name": "APPLE-SA-2007-05-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name" : "OpenPKG-SA-2006.026",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.026-screen.html"
"name": "USN-370-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-370-1"
},
{
"name" : "SSA:2006-307-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.480775"
"name": "25402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25402"
},
{
"name" : "USN-370-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-370-1"
"name": "22611",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22611"
},
{
"name" : "20727",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20727"
"name": "22573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22573"
},
{
"name" : "ADV-2006-4189",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4189"
"name": "22707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22707"
},
{
"name" : "ADV-2007-1939",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1939"
"name": "[screen-users] 20061023 Secfix release for screen: screen-4.0.3",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html"
},
{
"name" : "22583",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22583"
"name": "20727",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20727"
},
{
"name" : "22573",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22573"
"name": "https://issues.rpath.com/browse/RPL-734",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-734"
},
{
"name" : "22611",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22611"
"name": "GLSA-200611-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-01.xml"
},
{
"name" : "22647",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22647"
"name": "OpenPKG-SA-2006.026",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.026-screen.html"
},
{
"name" : "22649",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22649"
"name": "22583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22583"
},
{
"name" : "22707",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22707"
"name": "22726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22726"
},
{
"name" : "22726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22726"
"name": "22647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22647"
},
{
"name" : "25402",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25402"
"name": "22649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22649"
}
]
}

104
2006/4xxx/CVE-2006-4893.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4893",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4893",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060915 SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446108/100/0/threaded"
"name": "ADV-2006-3654",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3654"
},
{
"name" : "20061123 Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452469/100/200/threaded"
"name": "http://nyubicrew.org/adv/Noge_adv_02.txt",
"refsource": "MISC",
"url": "http://nyubicrew.org/adv/Noge_adv_02.txt"
},
{
"name" : "http://nyubicrew.org/adv/Noge_adv_02.txt",
"refsource" : "MISC",
"url" : "http://nyubicrew.org/adv/Noge_adv_02.txt"
"name": "21970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21970"
},
{
"name" : "20046",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20046"
"name": "20060915 SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446108/100/0/threaded"
},
{
"name" : "ADV-2006-3654",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3654"
"name": "28918",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28918"
},
{
"name" : "28918",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28918"
"name": "20061123 Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452469/100/200/threaded"
},
{
"name" : "21970",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21970"
"name": "20046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20046"
},
{
"name" : "1617",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1617"
"name": "1617",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1617"
}
]
}

22
2006/6xxx/CVE-2006-6005.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6005",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-6005",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}

134
2006/6xxx/CVE-2006-6158.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6158",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6158",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061122 XSS in scriptat support InverseFlow Help Desk v2.31",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452397/100/0/threaded"
"name": "23071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23071"
},
{
"name" : "20061128 PMOS Help Desk/etc. SQL injection - source verify and more info",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-November/001148.html"
"name": "ADV-2006-4672",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4672"
},
{
"name" : "21250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21250"
"name": "30667",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30667"
},
{
"name" : "ADV-2006-4670",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4670"
"name": "ADV-2006-4671",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4671"
},
{
"name" : "ADV-2006-4671",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4671"
"name": "21250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21250"
},
{
"name" : "ADV-2006-4672",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4672"
"name": "23070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23070"
},
{
"name" : "30667",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30667"
"name": "20061122 XSS in scriptat support InverseFlow Help Desk v2.31",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452397/100/0/threaded"
},
{
"name" : "34034",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34034"
"name": "ADV-2006-4670",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4670"
},
{
"name" : "23052",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23052"
"name": "34034",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34034"
},
{
"name" : "23070",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23070"
"name": "pmoshelpdesk-ticketview-xss(30489)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30489"
},
{
"name" : "23071",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23071"
"name": "23052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23052"
},
{
"name" : "1928",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1928"
"name": "20061128 PMOS Help Desk/etc. SQL injection - source verify and more info",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-November/001148.html"
},
{
"name" : "pmoshelpdesk-ticketview-xss(30489)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30489"
"name": "1928",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1928"
}
]
}

86
2006/6xxx/CVE-2006-6429.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6429",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6429",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the \"TFTP/BOOTP auto configuration option.\""
"lang": "eng",
"value": "Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the \"TFTP/BOOTP auto configuration option.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf"
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf"
},
{
"name" : "21365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21365"
"name": "23265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23265"
},
{
"name" : "ADV-2006-4791",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4791"
"name": "21365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21365"
},
{
"name" : "23265",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23265"
"name": "ADV-2006-4791",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4791"
},
{
"name" : "xerox-tftpbootp-unauth-access(30676)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30676"
"name": "xerox-tftpbootp-unauth-access(30676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30676"
}
]
}

68
2006/6xxx/CVE-2006-6862.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6862",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6862",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061229 Spooky Login Multiple HTML Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455603/100/0/threaded"
"name": "21822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21822"
},
{
"name" : "21822",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21822"
"name": "20061229 Spooky Login Multiple HTML Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455603/100/0/threaded"
}
]
}

74
2006/6xxx/CVE-2006-6902.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6902",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6902",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors."
"lang": "eng",
"value": "Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
"name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource" : "MISC",
"url" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
"name": "36143",
"refsource": "OSVDB",
"url": "http://osvdb.org/36143"
},
{
"name" : "36143",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36143"
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
}
]
}

80
2006/7xxx/CVE-2006-7118.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7118",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7118",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter."
"lang": "eng",
"value": "SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061114 Engine Manager SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451535/100/0/threaded"
"name": "enginemanager-index-sql-injection(30260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30260"
},
{
"name" : "21064",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21064"
"name": "21064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21064"
},
{
"name" : "2358",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2358"
"name": "2358",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2358"
},
{
"name" : "enginemanager-index-sql-injection(30260)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30260"
"name": "20061114 Engine Manager SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451535/100/0/threaded"
}
]
}

236
2010/2xxx/CVE-2010-2164.json
View File

@ -1,206 +1,206 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2164",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2164",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\""
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20100610 Adobe Flash Player Use-After-Free Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=872"
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
"name": "ADV-2010-1421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"name": "40545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40545"
},
{
"name" : "GLSA-201101-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml"
"name": "oval:org.mitre.oval:def:15798",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15798"
},
{
"name" : "HPSBMA02547",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
"name": "RHSA-2010:0464",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name" : "SSRT100179",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
"name": "ADV-2010-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name" : "RHSA-2010:0464",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
"name": "43026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43026"
},
{
"name" : "RHSA-2010:0470",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
"name": "ADV-2010-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name" : "SUSE-SA:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name" : "SUSE-SR:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"name": "TA10-162A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name" : "TLSA-2010-19",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
"name": "20100610 Adobe Flash Player Use-After-Free Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=872"
},
{
"name" : "TA10-162A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "40759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40759"
"name": "40759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40759"
},
{
"name" : "40780",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40780"
"name": "1024085",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024085"
},
{
"name" : "oval:org.mitre.oval:def:6765",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6765"
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name" : "oval:org.mitre.oval:def:15798",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15798"
"name": "1024086",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024086"
},
{
"name" : "1024085",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024085"
"name": "ADV-2010-1434",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name" : "1024086",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024086"
"name": "TLSA-2010-19",
"refsource": "TURBO",
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name" : "40144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40144"
"name": "SSRT100179",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name" : "40545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40545"
"name": "SUSE-SA:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name" : "43026",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43026"
"name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name" : "ADV-2010-1453",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1453"
"name": "40144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40144"
},
{
"name" : "ADV-2010-1421",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1421"
"name": "RHSA-2010:0470",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name" : "ADV-2010-1432",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1432"
"name": "ADV-2010-1482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name" : "ADV-2010-1434",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1434"
"name": "HPSBMA02547",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name" : "ADV-2010-1482",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1482"
"name": "ADV-2010-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name" : "ADV-2010-1522",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1522"
"name": "oval:org.mitre.oval:def:6765",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6765"
},
{
"name" : "ADV-2010-1793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1793"
"name": "40780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40780"
},
{
"name" : "ADV-2011-0192",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0192"
"name": "ADV-2010-1453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
]
}

22
2011/0xxx/CVE-2011-0099.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0099",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-0099",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}

98
2011/0xxx/CVE-2011-0134.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0134",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0134",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.apple.com/kb/HT4554",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4554"
"name": "http://support.apple.com/kb/HT4564",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4564"
},
{
"name" : "http://support.apple.com/kb/HT4564",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4564"
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name" : "http://support.apple.com/kb/HT4566",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4566"
"name": "oval:org.mitre.oval:def:17059",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17059"
},
{
"name" : "APPLE-SA-2011-03-02-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
"name": "APPLE-SA-2011-03-02-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2011-03-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name" : "APPLE-SA-2011-03-09-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
"name": "http://support.apple.com/kb/HT4554",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4554"
},
{
"name" : "oval:org.mitre.oval:def:17059",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17059"
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
}
]
}

92
2011/0xxx/CVE-2011-0490.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0490",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0490",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages."
"lang": "eng",
"value": "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)",
"refsource" : "MLIST",
"url" : "http://archives.seul.org/or/announce/Jan-2011/msg00000.html"
"name": "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)",
"refsource": "MLIST",
"url": "http://archives.seul.org/or/announce/Jan-2011/msg00000.html"
},
{
"name" : "http://blog.torproject.org/blog/tor-02129-released-security-patches",
"refsource" : "CONFIRM",
"url" : "http://blog.torproject.org/blog/tor-02129-released-security-patches"
"name": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog",
"refsource": "CONFIRM",
"url": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog"
},
{
"name" : "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog"
"name": "http://blog.torproject.org/blog/tor-02129-released-security-patches",
"refsource": "CONFIRM",
"url": "http://blog.torproject.org/blog/tor-02129-released-security-patches"
},
{
"name" : "https://trac.torproject.org/projects/tor/ticket/2190",
"refsource" : "CONFIRM",
"url" : "https://trac.torproject.org/projects/tor/ticket/2190"
"name": "tor-libevent-dos(64889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64889"
},
{
"name" : "45953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45953"
"name": "https://trac.torproject.org/projects/tor/ticket/2190",
"refsource": "CONFIRM",
"url": "https://trac.torproject.org/projects/tor/ticket/2190"
},
{
"name" : "tor-libevent-dos(64889)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64889"
"name": "45953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45953"
}
]
}

98
2011/1xxx/CVE-2011-1213.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1213",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1213",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W."
"lang": "eng",
"value": "Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110524 IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=904"
"name": "http://www.ibm.com/support/docview.wss?uid=swg21500034",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21500034"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21500034",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21500034"
"name": "47962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47962"
},
{
"name" : "47962",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47962"
"name": "20110524 IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=904"
},
{
"name" : "oval:org.mitre.oval:def:14634",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14634"
"name": "44624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44624"
},
{
"name" : "44624",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44624"
"name": "lotus-notes-lzhsr-bo(67620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67620"
},
{
"name" : "8285",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8285"
"name": "oval:org.mitre.oval:def:14634",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14634"
},
{
"name" : "lotus-notes-lzhsr-bo(67620)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67620"
"name": "8285",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8285"
}
]
}

68
2011/1xxx/CVE-2011-1320.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1320",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1320",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation."
"lang": "eng",
"value": "The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
"name": "PM21536",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM21536"
},
{
"name" : "PM21536",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM21536"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
}
]
}

152
2011/1xxx/CVE-2011-1578.json
View File

@ -1,136 +1,136 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1578",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1578",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3",
"refsource" : "MLIST",
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
"name": "mediawiki-file-extensions-xss(66737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66737"
},
{
"name" : "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/13/15"
"name": "FEDORA-2011-5495",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=695577",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
"name": "ADV-2011-0978",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0978"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=696360",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
"name": "FEDORA-2011-5807",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
},
{
"name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235"
"name": "47354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47354"
},
{
"name" : "DSA-2366",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2366"
"name": "44142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44142"
},
{
"name" : "FEDORA-2011-5495",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
"name": "FEDORA-2011-5848",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
},
{
"name" : "FEDORA-2011-5807",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
"name": "ADV-2011-1151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1151"
},
{
"name" : "FEDORA-2011-5812",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
"name": "DSA-2366",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2366"
},
{
"name" : "FEDORA-2011-5848",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=696360",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
},
{
"name" : "47354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47354"
"name": "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
},
{
"name" : "44142",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44142"
"name": "ADV-2011-1100",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1100"
},
{
"name" : "ADV-2011-0978",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0978"
"name": "FEDORA-2011-5812",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
},
{
"name" : "ADV-2011-1100",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1100"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=695577",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
},
{
"name" : "ADV-2011-1151",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1151"
"name": "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/13/15"
},
{
"name" : "mediawiki-file-extensions-xss(66737)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66737"
"name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235",
"refsource": "CONFIRM",
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235"
}
]
}

86
2011/1xxx/CVE-2011-1666.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1666",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1666",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path."
"lang": "eng",
"value": "Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110331 HTB22909: Path disclosure in Tine 2.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517269/100/0/threaded"
"name": "http://www.htbridge.ch/advisory/path_disclosure_in_tine_2_0.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/path_disclosure_in_tine_2_0.html"
},
{
"name" : "http://www.htbridge.ch/advisory/path_disclosure_in_tine_2_0.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/path_disclosure_in_tine_2_0.html"
"name": "47102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47102"
},
{
"name" : "47102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47102"
"name": "tine-multiple-info-disc(66558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66558"
},
{
"name" : "8191",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8191"
"name": "8191",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8191"
},
{
"name" : "tine-multiple-info-disc(66558)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66558"
"name": "20110331 HTB22909: Path disclosure in Tine 2.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517269/100/0/threaded"
}
]
}

80
2011/3xxx/CVE-2011-3639.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3639",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3639",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368."
"lang": "eng",
"value": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1188745",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1188745"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=752080",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=752080",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=752080"
"name": "RHSA-2012:0128",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html"
},
{
"name" : "DSA-2405",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2405"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1188745",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1188745"
},
{
"name" : "RHSA-2012:0128",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0128.html"
"name": "DSA-2405",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2405"
}
]
}

22
2011/4xxx/CVE-2011-4119.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4119",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4119",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2011/4xxx/CVE-2011-4331.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4331",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4331",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4110. Reason: This candidate is a duplicate of CVE-2011-4110. Notes: All CVE users should reference CVE-2011-4110 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4110. Reason: This candidate is a duplicate of CVE-2011-4110. Notes: All CVE users should reference CVE-2011-4110 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

68
2011/4xxx/CVE-2011-4333.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4333",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4333",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20111121 CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/11/21/16"
"name": "[oss-security] 20111121 CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/21/16"
},
{
"name" : "[oss-security] 20140208 Fwd: Old CVE ids, public, but still",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/02/08/5"
"name": "[oss-security] 20140208 Fwd: Old CVE ids, public, but still",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/08/5"
}
]
}

62
2011/4xxx/CVE-2011-4896.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4896",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4896",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port."
"lang": "eng",
"value": "Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://blog.torproject.org/blog/tor-02224-alpha-out",
"refsource" : "CONFIRM",
"url" : "https://blog.torproject.org/blog/tor-02224-alpha-out"
"name": "https://blog.torproject.org/blog/tor-02224-alpha-out",
"refsource": "CONFIRM",
"url": "https://blog.torproject.org/blog/tor-02224-alpha-out"
}
]
}

22
2011/4xxx/CVE-2011-4900.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4900",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4900",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2011/5xxx/CVE-2011-5147.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5147",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5147",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php."
"lang": "eng",
"value": "Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "18121",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18121"
"name": "18121",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18121"
},
{
"name" : "http://www.freewebshop.org/forum/index.php?topic=5235.0",
"refsource" : "MISC",
"url" : "http://www.freewebshop.org/forum/index.php?topic=5235.0"
"name": "77162",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77162"
},
{
"name" : "77162",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/77162"
"name": "http://www.freewebshop.org/forum/index.php?topic=5235.0",
"refsource": "MISC",
"url": "http://www.freewebshop.org/forum/index.php?topic=5235.0"
}
]
}

68
2014/2xxx/CVE-2014-2264.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2264",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2264",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session."
"lang": "eng",
"value": "The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://forum.synology.com/enu/viewtopic.php?f=173&t=77644",
"refsource" : "MISC",
"url" : "http://forum.synology.com/enu/viewtopic.php?f=173&t=77644"
"name": "http://forum.synology.com/enu/viewtopic.php?f=173&t=77644",
"refsource": "MISC",
"url": "http://forum.synology.com/enu/viewtopic.php?f=173&t=77644"
},
{
"name" : "VU#534284",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/534284"
"name": "VU#534284",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/534284"
}
]
}

62
2014/2xxx/CVE-2014-2297.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2297",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2297",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20140408 Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/531773/100/0/threaded"
"name": "20140408 Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531773/100/0/threaded"
}
]
}

74
2014/2xxx/CVE-2014-2316.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2316",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2316",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://wordpress.org/plugins/search-everything/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/plugins/search-everything/changelog/"
"name": "65765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65765"
},
{
"name" : "65765",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65765"
"name": "56820",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56820"
},
{
"name" : "56820",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56820"
"name": "http://wordpress.org/plugins/search-everything/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/search-everything/changelog/"
}
]
}

80
2014/2xxx/CVE-2014-2470.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2470",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2470",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security."
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
"name": "http://www.ibm.com/support/docview.wss?uid=swg24038065",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24038065"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21680702",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21680702"
"name": "http://www.ibm.com/support/docview.wss?uid=swg21680702",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21680702"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24038065",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24038065"
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name" : "59847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59847"
"name": "59847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59847"
}
]
}

80
2014/2xxx/CVE-2014-2502.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2502",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2502",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20140602 ESA-2014-032: RSA Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0012.html"
"name": "20140602 ESA-2014-032: RSA Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0012.html"
},
{
"name" : "http://packetstormsecurity.com/files/126897/RSA-Adaptive-Authentication-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126897/RSA-Adaptive-Authentication-Cross-Site-Scripting.html"
"name": "1030323",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030323"
},
{
"name" : "67792",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67792"
"name": "67792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67792"
},
{
"name" : "1030323",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030323"
"name": "http://packetstormsecurity.com/files/126897/RSA-Adaptive-Authentication-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126897/RSA-Adaptive-Authentication-Cross-Site-Scripting.html"
}
]
}

68
2014/3xxx/CVE-2014-3015.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3015",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3015",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21673260",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21673260"
"name": "ibm-sametime-cve20143015-csrf(93026)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93026"
},
{
"name" : "ibm-sametime-cve20143015-csrf(93026)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93026"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673260",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673260"
}
]
}

62
2014/6xxx/CVE-2014-6251.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6251",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6251",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request."
"lang": "eng",
"value": "Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20141007 CVE-2014-6251 : Stack Overflow in CPUMiner When Submitting Upstream Work",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Oct/29"
"name": "20141007 CVE-2014-6251 : Stack Overflow in CPUMiner When Submitting Upstream Work",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/29"
}
]
}

92
2014/6xxx/CVE-2014-6273.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6273",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-6273",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL."
"lang": "eng",
"value": "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "DSA-3031",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3031"
"name": "USN-2353-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2353-1"
},
{
"name" : "USN-2353-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2353-1"
"name": "70075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70075"
},
{
"name" : "70075",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70075"
"name": "61710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61710"
},
{
"name" : "61605",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61605"
"name": "apt-cve20146273-bo(96151)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151"
},
{
"name" : "61710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61710"
"name": "DSA-3031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3031"
},
{
"name" : "apt-cve20146273-bo(96151)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151"
"name": "61605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61605"
}
]
}

68
2014/6xxx/CVE-2014-6295.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6295",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6295",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
"lang": "eng",
"value": "SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/",
"refsource" : "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/"
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/"
},
{
"name" : "http://typo3.org/extensions/repository/view/wec_map",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/wec_map"
"name": "http://typo3.org/extensions/repository/view/wec_map",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/wec_map"
}
]
}

68
2014/6xxx/CVE-2014-6481.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6481",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6481",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL."
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
"name": "1031583",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031583"
},
{
"name" : "1031583",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031583"
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
}
]
}

22
2014/6xxx/CVE-2014-6605.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6605",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6605",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2014/6xxx/CVE-2014-6810.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6810",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6810",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rims2014) application 6.0.7.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rims2014) application 6.0.7.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#998561",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/998561"
"name": "VU#998561",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/998561"
}
]
}

74
2014/6xxx/CVE-2014-6868.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6868",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6868",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The DS audio (aka com.synology.DSaudio) application 3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The DS audio (aka com.synology.DSaudio) application 3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#981313",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/981313"
"name": "VU#981313",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/981313"
}
]
}

98
2014/7xxx/CVE-2014-7138.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7138",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7138",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20141008 Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533640/100/0/threaded"
"name": "70370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70370"
},
{
"name" : "http://packetstormsecurity.com/files/128626/WordPress-Google-Calendar-Events-2.0.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128626/WordPress-Google-Calendar-Events-2.0.1-Cross-Site-Scripting.html"
"name": "https://www.htbridge.com/advisory/HTB23235",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23235"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23235",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23235"
"name": "https://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43",
"refsource": "CONFIRM",
"url": "https://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43"
},
{
"name" : "https://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43",
"refsource" : "CONFIRM",
"url" : "https://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43"
"name": "wp-googlecalendarevents-cve20147138-xss(96867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96867"
},
{
"name" : "https://wordpress.org/plugins/google-calendar-events/changelog",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/google-calendar-events/changelog"
"name": "20141008 Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533640/100/0/threaded"
},
{
"name" : "70370",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70370"
"name": "http://packetstormsecurity.com/files/128626/WordPress-Google-Calendar-Events-2.0.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128626/WordPress-Google-Calendar-Events-2.0.1-Cross-Site-Scripting.html"
},
{
"name" : "wp-googlecalendarevents-cve20147138-xss(96867)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96867"
"name": "https://wordpress.org/plugins/google-calendar-events/changelog",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/google-calendar-events/changelog"
}
]
}

86
2014/7xxx/CVE-2014-7221.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7221",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7221",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab containing [img]//http:// substrings."
"lang": "eng",
"value": "TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab containing [img]//http:// substrings."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905",
"refsource" : "MISC",
"url" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905"
"name": "70219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70219"
},
{
"name" : "http://r4p3.net/public/ts3bbcodefreeze.txt",
"refsource" : "MISC",
"url" : "http://r4p3.net/public/ts3bbcodefreeze.txt"
"name": "teamspeakclient-cve20147221-bo(96889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96889"
},
{
"name" : "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html"
"name": "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905",
"refsource": "MISC",
"url": "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905"
},
{
"name" : "70219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70219"
"name": "http://r4p3.net/public/ts3bbcodefreeze.txt",
"refsource": "MISC",
"url": "http://r4p3.net/public/ts3bbcodefreeze.txt"
},
{
"name" : "teamspeakclient-cve20147221-bo(96889)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96889"
"name": "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html"
}
]
}

74
2014/7xxx/CVE-2014-7385.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7385",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7385",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) application 1.404 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) application 1.404 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#852041",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/852041"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#852041",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/852041"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

22
2014/7xxx/CVE-2014-7386.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7386",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7386",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}

76
2017/0xxx/CVE-2017-0454.json
View File

@ -1,74 +1,74 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0454",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0454",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "Kernel-3.10"
"version_value": "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067."
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of privilege"
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "97399",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97399"
"name": "97399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97399"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}

70
2017/0xxx/CVE-2017-0678.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-07-05T00:00:00",
"ID" : "CVE-2017-0678",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-07-05T00:00:00",
"ID": "CVE-2017-0678",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2"
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151."
"lang": "eng",
"value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote code execution"
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "99478",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99478"
"name": "99478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99478"
}
]
}

84
2017/0xxx/CVE-2017-0756.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00",
"ID" : "CVE-2017-0756",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-09-05T00:00:00",
"ID": "CVE-2017-0756",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "4.4.4"
"version_value": "4.4.4"
},
{
"version_value" : "5.0.2"
"version_value": "5.0.2"
},
{
"version_value" : "5.1.1"
"version_value": "5.1.1"
},
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "7.0"
"version_value": "7.0"
},
{
"version_value" : "7.1.1"
"version_value": "7.1.1"
},
{
"version_value" : "7.1.2"
"version_value": "7.1.2"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073."
"lang": "eng",
"value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote code execution"
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
"name": "100649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100649"
},
{
"name" : "100649",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100649"
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
}
]
}

22
2017/0xxx/CVE-2017-0945.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0945",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0945",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

70
2017/18xxx/CVE-2017-18042.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-02-02T00:00:00",
"ID" : "CVE-2017-18042",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-02-02T00:00:00",
"ID": "CVE-2017-18042",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Bamboo",
"version" : {
"version_data" : [
"product_name": "Bamboo",
"version": {
"version_data": [
{
"version_value" : "prior to 6.3.1"
"version_value": "prior to 6.3.1"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
"vendor_name": "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability."
"lang": "eng",
"value": "The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Request Forgery (CSRF)"
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://jira.atlassian.com/browse/BAM-19663",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/BAM-19663"
"name": "103110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103110"
},
{
"name" : "103110",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103110"
"name": "https://jira.atlassian.com/browse/BAM-19663",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/BAM-19663"
}
]
}

80
2017/1xxx/CVE-2017-1503.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1503",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1503",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "IBM WebSphere Application Server ",
"version" : {
"version_data" : [
"product_name": "IBM WebSphere Application Server ",
"version": {
"version_data": [
{
"version_value" : "7.0, 8.0, 8.5, 9.0"
"version_value": "7.0, 8.0, 8.5, 9.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578."
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "XSS"
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129578",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129578"
"name": "101234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101234"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22006815",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22006815"
"name": "1039521",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039521"
},
{
"name" : "101234",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101234"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22006815",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22006815"
},
{
"name" : "1039521",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039521"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129578",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129578"
}
]
}

22
2017/1xxx/CVE-2017-1576.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1576",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1576",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

78
2017/1xxx/CVE-2017-1600.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-12-18T00:00:00",
"ID" : "CVE-2017-1600",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-18T00:00:00",
"ID": "CVE-2017-1600",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
"product_name": "Security Guardium",
"version": {
"version_data": [
{
"version_value" : "10.0"
"version_value": "10.0"
},
{
"version_value" : "10.0.1"
"version_value": "10.0.1"
},
{
"version_value" : "10.1"
"version_value": "10.1"
},
{
"version_value" : "10.1.2"
"version_value": "10.1.2"
},
{
"version_value" : "10.1.3"
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613."
"lang": "eng",
"value": "IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132613",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132613"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132613",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132613"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22009622",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009622"
"name": "http://www.ibm.com/support/docview.wss?uid=swg22009622",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22009622"
}
]
}

120
2017/5xxx/CVE-2017-5188.json
View File

@ -1,103 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@suse.com",
"DATE_PUBLIC" : "2017-03-17T00:00:00.000Z",
"ID" : "CVE-2017-5188",
"STATE" : "PUBLIC",
"TITLE" : "OBS worker VM escape via relative symbolic links"
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-03-17T00:00:00.000Z",
"ID": "CVE-2017-5188",
"STATE": "PUBLIC",
"TITLE": "OBS worker VM escape via relative symbolic links"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "open build service",
"version" : {
"version_data" : [
"product_name": "open build service",
"version": {
"version_data": [
{
"affected" : "<",
"version_value" : "20170320"
"affected": "<",
"version_value": "20170320"
}
]
}
}
]
},
"vendor_name" : "openSUSE"
"vendor_name": "openSUSE"
}
]
}
},
"credit" : [
"credit": [
{
"lang" : "eng",
"value" : "Fabian Vogt of SUSE"
"lang": "eng",
"value": "Fabian Vogt of SUSE"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information."
"lang": "eng",
"value": "The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Missing checking for symlinks could use as a path traversal to read files outside of a specific directory."
"lang": "eng",
"value": "Missing checking for symlinks could use as a path traversal to read files outside of a specific directory."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1029824",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1029824"
"name": "https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d",
"refsource": "CONFIRM",
"url": "https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d"
},
{
"name" : "https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d",
"refsource" : "CONFIRM",
"url" : "https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d"
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1029824",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029824"
},
{
"name" : "https://www.suse.com/de-de/security/cve/CVE-2017-5188/",
"refsource" : "CONFIRM",
"url" : "https://www.suse.com/de-de/security/cve/CVE-2017-5188/"
"name": "https://www.suse.com/de-de/security/cve/CVE-2017-5188/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/de-de/security/cve/CVE-2017-5188/"
}
]
},
"source" : {
"defect" : [
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1029824"
],
"discovery" : "INTERNAL"
"discovery": "INTERNAL"
}
}

98
2017/5xxx/CVE-2017-5416.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5416",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5416",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "52"
"version_affected": "<",
"version_value": "52"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "52"
"version_affected": "<",
"version_value": "52"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
"vendor_name": "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52."
"lang": "eng",
"value": "In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Null dereference crash in HttpChannel"
"lang": "eng",
"value": "Null dereference crash in HttpChannel"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1328121",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1328121"
"name": "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/"
"name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/"
"name": "1037966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037966"
},
{
"name" : "96692",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96692"
"name": "96692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96692"
},
{
"name" : "1037966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037966"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328121",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328121"
}
]
}

74
2017/5xxx/CVE-2017-5636.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2017-5636",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-5636",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Apache NiFi",
"version" : {
"version_data" : [
"product_name": "Apache NiFi",
"version": {
"version_data": [
{
"version_value" : "0.7.0"
"version_value": "0.7.0"
},
{
"version_value" : "0.7.1"
"version_value": "0.7.1"
},
{
"version_value" : "1.1.0"
"version_value": "1.1.0"
},
{
"version_value" : "1.1.1"
"version_value": "1.1.1"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node."
"lang": "eng",
"value": "In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://nifi.apache.org/security.html#CVE-2017-5636",
"refsource" : "CONFIRM",
"url" : "https://nifi.apache.org/security.html#CVE-2017-5636"
"name": "96731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96731"
},
{
"name" : "96731",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96731"
"name": "https://nifi.apache.org/security.html#CVE-2017-5636",
"refsource": "CONFIRM",
"url": "https://nifi.apache.org/security.html#CVE-2017-5636"
}
]
}

22
2017/5xxx/CVE-2017-5678.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5678",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5678",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}