admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:00:34 +00:00
parent 8e22872252
commit 4b9097a962
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3830 additions and 3830 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2001/0xxx/CVE-2001-0693.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010603 Webtrends HTTP Server %20 bug",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=99166905208903&w=2"
},
{
"name" : "2812",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2812"
},
{
"name" : "webtrends-unicode-reveal-source(6639)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6639"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webtrends-unicode-reveal-source(6639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6639"
},
{
"name": "2812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2812"
},
{
"name": "20010603 Webtrends HTTP Server %20 bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=99166905208903&w=2"
}
]
}
}

130
2001/0xxx/CVE-2001-0761.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010702 [SNS Advisory No.36] TrendMicro InterScan WebManager Version 1.2 HttpSave.dll Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/194463"
},
{
"name" : "2959",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2959"
},
{
"name": "20010702 [SNS Advisory No.36] TrendMicro InterScan WebManager Version 1.2 HttpSave.dll Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/194463"
}
]
}
}

140
2001/0xxx/CVE-2001-0772.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX0105-151",
"refsource" : "HP",
"url" : "http://archives.neohapsis.com/archives/hp/2001-q2/0044.html"
},
{
"name" : "oval:org.mitre.oval:def:6022",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6022"
},
{
"name" : "hpux-cde-bo(6585)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6585"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6022",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6022"
},
{
"name": "hpux-cde-bo(6585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6585"
},
{
"name": "HPSBUX0105-151",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2001-q2/0044.html"
}
]
}
}

170
2001/0xxx/CVE-2001-0889.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20011219 [ph10@cus.cam.ac.uk: [Exim] Potential security problem]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=100877978506387&w=2"
},
{
"name" : "DSA-097",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-097"
},
{
"name" : "RHSA-2001:176",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2001-176.html"
},
{
"name" : "VU#283723",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/283723"
},
{
"name" : "3728",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3728"
},
{
"name" : "exim-pipe-hostname-commands(7738)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7738"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3728"
},
{
"name": "exim-pipe-hostname-commands(7738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7738"
},
{
"name": "DSA-097",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-097"
},
{
"name": "20011219 [ph10@cus.cam.ac.uk: [Exim] Potential security problem]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=100877978506387&w=2"
},
{
"name": "VU#283723",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/283723"
},
{
"name": "RHSA-2001:176",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-176.html"
}
]
}
}

140
2001/1xxx/CVE-2001-1152.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1152",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010905 Various problems in Baltimore WebSweeper URL filtering",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/212283"
},
{
"name" : "http://www.mimesweeper.com/support/technotes/notes/1043.asp",
"refsource" : "MISC",
"url" : "http://www.mimesweeper.com/support/technotes/notes/1043.asp"
},
{
"name" : "3296",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mimesweeper.com/support/technotes/notes/1043.asp",
"refsource": "MISC",
"url": "http://www.mimesweeper.com/support/technotes/notes/1043.asp"
},
{
"name": "20010905 Various problems in Baltimore WebSweeper URL filtering",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/212283"
},
{
"name": "3296",
"refsource": "BID",
"url": "http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3296"
}
]
}
}

170
2006/2xxx/CVE-2006-2044.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060424 Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432007/100/0/threaded"
},
{
"name" : "17698",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17698"
},
{
"name" : "ADV-2006-1540",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1540"
},
{
"name" : "19818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19818"
},
{
"name" : "793",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/793"
},
{
"name" : "ip3-na75-default-account(26112)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26112"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1540"
},
{
"name": "ip3-na75-default-account(26112)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26112"
},
{
"name": "793",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/793"
},
{
"name": "20060424 Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432007/100/0/threaded"
},
{
"name": "17698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17698"
},
{
"name": "19818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19818"
}
]
}
}

180
2006/2xxx/CVE-2006-2143.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as \"onmouseover\" in the (1) color, (2) size, or (3) url bbcode tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060429 TextFileBB 1.0.16 Multiple XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432461/100/0/threaded"
},
{
"name" : "17750",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17750"
},
{
"name" : "25123",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25123"
},
{
"name" : "1016013",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016013"
},
{
"name" : "19883",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19883"
},
{
"name" : "828",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/828"
},
{
"name" : "textfilebb-bbcode-tags-xss(26129)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26129"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as \"onmouseover\" in the (1) color, (2) size, or (3) url bbcode tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "828",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/828"
},
{
"name": "1016013",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016013"
},
{
"name": "17750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17750"
},
{
"name": "19883",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19883"
},
{
"name": "20060429 TextFileBB 1.0.16 Multiple XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432461/100/0/threaded"
},
{
"name": "textfilebb-bbcode-tags-xss(26129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26129"
},
{
"name": "25123",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25123"
}
]
}
}

160
2006/2xxx/CVE-2006-2291.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2291",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17925",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17925"
},
{
"name" : "ADV-2006-1731",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1731"
},
{
"name" : "25354",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25354"
},
{
"name" : "20037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20037"
},
{
"name" : "iacalendar-calendarnew-xss(26361)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26361"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iacalendar-calendarnew-xss(26361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26361"
},
{
"name": "20037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20037"
},
{
"name": "ADV-2006-1731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1731"
},
{
"name": "25354",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25354"
},
{
"name": "17925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17925"
}
]
}
}

170
2006/2xxx/CVE-2006-2477.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2477",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060518 Multiple Vulns in Bitrix CMS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name" : "ADV-2006-1858",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name" : "1016121",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016121"
},
{
"name" : "20143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20143"
},
{
"name" : "918",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/918"
},
{
"name" : "bitrixcms-admin-interface-xss(26544)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrixcms-admin-interface-xss(26544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26544"
},
{
"name": "ADV-2006-1858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1858"
},
{
"name": "20143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20143"
},
{
"name": "20060518 Multiple Vulns in Bitrix CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434367/100/0/threaded"
},
{
"name": "1016121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016121"
},
{
"name": "918",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/918"
}
]
}
}

160
2006/2xxx/CVE-2006-2562.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html",
"refsource" : "MISC",
"url" : "http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html"
},
{
"name" : "http://www.securityview.org/how-does-the-upnp-flaw-works.html",
"refsource" : "MISC",
"url" : "http://www.securityview.org/how-does-the-upnp-flaw-works.html"
},
{
"name" : "ADV-2006-1910",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1910"
},
{
"name" : "20184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20184"
},
{
"name" : "zyxel-upnp-security-bypass(26710)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26710"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityview.org/how-does-the-upnp-flaw-works.html",
"refsource": "MISC",
"url": "http://www.securityview.org/how-does-the-upnp-flaw-works.html"
},
{
"name": "zyxel-upnp-security-bypass(26710)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26710"
},
{
"name": "20184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20184"
},
{
"name": "ADV-2006-1910",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1910"
},
{
"name": "http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html",
"refsource": "MISC",
"url": "http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html"
}
]
}
}

150
2006/6xxx/CVE-2006-6616.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6616",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka \"multi-gallery admin session spanning.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=471109",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=471109"
},
{
"name" : "21590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21590"
},
{
"name" : "23383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23383"
},
{
"name" : "w00t-index-security-bypass(30886)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30886"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka \"multi-gallery admin session spanning.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=471109",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=471109"
},
{
"name": "21590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21590"
},
{
"name": "w00t-index-security-bypass(30886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30886"
},
{
"name": "23383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23383"
}
]
}
}

180
2008/5xxx/CVE-2008-5315.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081121 DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498559/100/0/threaded"
},
{
"name" : "20081205 RE: DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-12/0061.html"
},
{
"name" : "20081121 DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065822.html"
},
{
"name" : "32412",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32412"
},
{
"name" : "32852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32852"
},
{
"name" : "4681",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4681"
},
{
"name" : "iphone-utility-httpget-dir-traversal(46807)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46807"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081121 DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065822.html"
},
{
"name": "20081121 DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498559/100/0/threaded"
},
{
"name": "iphone-utility-httpget-dir-traversal(46807)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46807"
},
{
"name": "32852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32852"
},
{
"name": "4681",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4681"
},
{
"name": "20081205 RE: DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0061.html"
},
{
"name": "32412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32412"
}
]
}
}

160
2011/2xxx/CVE-2011-2349.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2349",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=85418",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=85418"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html"
},
{
"name" : "oval:org.mitre.oval:def:14712",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14712"
},
{
"name" : "1025730",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025730"
},
{
"name" : "45097",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45097"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html"
},
{
"name": "45097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45097"
},
{
"name": "oval:org.mitre.oval:def:14712",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14712"
},
{
"name": "1025730",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025730"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=85418",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=85418"
}
]
}
}

34
2011/2xxx/CVE-2011-2550.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2550",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2550",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2011/2xxx/CVE-2011-2677.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2677",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-2677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cs.cybozu.co.jp/information/20111005notice01.php",
"refsource" : "CONFIRM",
"url" : "http://cs.cybozu.co.jp/information/20111005notice01.php"
},
{
"name" : "JVN#84838479",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN84838479/index.html"
},
{
"name" : "JVNDB-2011-000079",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000079.html"
},
{
"name" : "50015",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50015"
},
{
"name" : "76124",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/76124"
},
{
"name" : "46321",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46321"
},
{
"name" : "cybozuoffice-unspecified-security-bypass(70411)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76124",
"refsource": "OSVDB",
"url": "http://osvdb.org/76124"
},
{
"name": "http://cs.cybozu.co.jp/information/20111005notice01.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20111005notice01.php"
},
{
"name": "cybozuoffice-unspecified-security-bypass(70411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70411"
},
{
"name": "JVN#84838479",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN84838479/index.html"
},
{
"name": "JVNDB-2011-000079",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000079.html"
},
{
"name": "50015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50015"
},
{
"name": "46321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46321"
}
]
}
}

210
2011/2xxx/CVE-2011-2833.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2833",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2012-03-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2012-03-07-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2012-03-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name" : "52365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52365"
},
{
"name" : "oval:org.mitre.oval:def:17276",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17276"
},
{
"name" : "1026774",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026774"
},
{
"name" : "48274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48274"
},
{
"name" : "48288",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48288"
},
{
"name" : "48377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48377"
},
{
"name" : "apple-webkit-cve20112833-code-execution(73789)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73789"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apple-webkit-cve20112833-code-execution(73789)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73789"
},
{
"name": "52365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52365"
},
{
"name": "1026774",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "48377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48377"
},
{
"name": "oval:org.mitre.oval:def:17276",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17276"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}

180
2011/2xxx/CVE-2011-2845.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=86758",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=86758"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"name" : "http://support.apple.com/kb/HT5400",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5400"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name" : "oval:org.mitre.oval:def:13044",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
},
{
"name": "oval:org.mitre.oval:def:13044",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13044"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=86758",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=86758"
}
]
}
}

270
2011/3xxx/CVE-2011-3071.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=118273",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=118273"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html"
},
{
"name" : "http://support.apple.com/kb/HT5400",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5400"
},
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name" : "GLSA-201204-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201204-03.xml"
},
{
"name" : "52913",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52913"
},
{
"name" : "81041",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81041"
},
{
"name" : "oval:org.mitre.oval:def:15317",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15317"
},
{
"name" : "1026892",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026892"
},
{
"name" : "48732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48732"
},
{
"name" : "48749",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48749"
},
{
"name" : "chrome-hme-code-execution(74631)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74631"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html"
},
{
"name": "1026892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026892"
},
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "52913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52913"
},
{
"name": "chrome-hme-code-execution(74631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74631"
},
{
"name": "48749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48749"
},
{
"name": "oval:org.mitre.oval:def:15317",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15317"
},
{
"name": "48732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48732"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "GLSA-201204-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201204-03.xml"
},
{
"name": "81041",
"refsource": "OSVDB",
"url": "http://osvdb.org/81041"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=118273",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=118273"
}
]
}
}

34
2011/3xxx/CVE-2011-3286.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3286",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3286",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2011/3xxx/CVE-2011-3605.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20111007 radvd 1.8.2 released with security fixes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/10/06/3"
},
{
"name" : "http://www.litech.org/radvd/CHANGES",
"refsource" : "CONFIRM",
"url" : "http://www.litech.org/radvd/CHANGES"
},
{
"name" : "DSA-2323",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2323"
},
{
"name" : "USN-1257-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1257-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20111007 radvd 1.8.2 released with security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/10/06/3"
},
{
"name": "DSA-2323",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2323"
},
{
"name": "http://www.litech.org/radvd/CHANGES",
"refsource": "CONFIRM",
"url": "http://www.litech.org/radvd/CHANGES"
},
{
"name": "USN-1257-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1257-1"
}
]
}
}

160
2011/3xxx/CVE-2011-3638.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3638",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20111024 Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/10/24/2"
},
{
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0",
"refsource" : "CONFIRM",
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=747942",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747942"
},
{
"name" : "https://github.com/torvalds/linux/commit/667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3"
},
{
"name": "[oss-security] 20111024 Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/10/24/2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=747942",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=747942"
}
]
}
}

220
2011/3xxx/CVE-2011-3872.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka \"AltNames Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://groups.google.com/group/puppet-announce/browse_thread/thread/e7edc3a71348f3e1",
"refsource" : "CONFIRM",
"url" : "http://groups.google.com/group/puppet-announce/browse_thread/thread/e7edc3a71348f3e1"
},
{
"name" : "http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/",
"refsource" : "CONFIRM",
"url" : "http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/"
},
{
"name" : "https://puppet.com/security/cve/cve-2011-3872",
"refsource" : "CONFIRM",
"url" : "https://puppet.com/security/cve/cve-2011-3872"
},
{
"name" : "USN-1238-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1238-1"
},
{
"name" : "USN-1238-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1238-2"
},
{
"name" : "50356",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50356"
},
{
"name" : "46550",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46550"
},
{
"name" : "46578",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46578"
},
{
"name" : "46934",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46934"
},
{
"name" : "46964",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46964"
},
{
"name" : "puppet-x509-spoofing(70970)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70970"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka \"AltNames Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46550"
},
{
"name": "USN-1238-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1238-2"
},
{
"name": "http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/"
},
{
"name": "puppet-x509-spoofing(70970)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70970"
},
{
"name": "46578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46578"
},
{
"name": "https://puppet.com/security/cve/cve-2011-3872",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2011-3872"
},
{
"name": "46934",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46934"
},
{
"name": "http://groups.google.com/group/puppet-announce/browse_thread/thread/e7edc3a71348f3e1",
"refsource": "CONFIRM",
"url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/e7edc3a71348f3e1"
},
{
"name": "50356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50356"
},
{
"name": "46964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46964"
},
{
"name": "USN-1238-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1238-1"
}
]
}
}

170
2013/0xxx/CVE-2013-0310.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130219 Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/02/20/5"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89d7ae34cdda4195809a5a987f697a517a2a3177",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89d7ae34cdda4195809a5a987f697a517a2a3177"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=912900",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=912900"
},
{
"name" : "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177"
},
{
"name" : "RHSA-2013:0496",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0496.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0496",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0496.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=912900",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912900"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89d7ae34cdda4195809a5a987f697a517a2a3177",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89d7ae34cdda4195809a5a987f697a517a2a3177"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8"
},
{
"name": "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177"
},
{
"name": "[oss-security] 20130219 Re: CVE request -- Linux kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/20/5"
}
]
}
}

280
2013/0xxx/CVE-2013-0423.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0423",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-0423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
},
{
"name" : "HPSBUX02864",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
},
{
"name" : "SSRT101156",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
},
{
"name" : "HPSBMU02874",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
},
{
"name" : "HPSBUX02857",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
},
{
"name" : "SSRT101103",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
},
{
"name" : "SSRT101184",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
},
{
"name" : "RHSA-2013:0236",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html"
},
{
"name" : "RHSA-2013:0237",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "RHSA-2013:1456",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name" : "TA13-032A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"
},
{
"name" : "VU#858729",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/858729"
},
{
"name" : "57716",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57716"
},
{
"name" : "oval:org.mitre.oval:def:16476",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16476"
},
{
"name" : "oval:org.mitre.oval:def:18869",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18869"
},
{
"name" : "oval:org.mitre.oval:def:19425",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57716"
},
{
"name": "oval:org.mitre.oval:def:18869",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18869"
},
{
"name": "SSRT101156",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
},
{
"name": "TA13-032A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"
},
{
"name": "RHSA-2013:0236",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "VU#858729",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/858729"
},
{
"name": "oval:org.mitre.oval:def:19425",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19425"
},
{
"name": "RHSA-2013:0237",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"
},
{
"name": "HPSBUX02857",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
},
{
"name": "oval:org.mitre.oval:def:16476",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16476"
},
{
"name": "HPSBMU02874",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
},
{
"name": "SSRT101103",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "HPSBUX02864",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
},
{
"name": "SSRT101184",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
}
]
}
}

190
2013/0xxx/CVE-2013-0626.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0610."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2013-0626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html"
},
{
"name" : "GLSA-201308-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml"
},
{
"name" : "RHSA-2013:0150",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0150.html"
},
{
"name" : "SUSE-SU-2013:0044",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html"
},
{
"name" : "SUSE-SU-2013:0047",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html"
},
{
"name" : "openSUSE-SU-2013:0138",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html"
},
{
"name" : "openSUSE-SU-2013:0193",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html"
},
{
"name" : "oval:org.mitre.oval:def:16289",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16289"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0610."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2013:0044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:16289",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16289"
},
{
"name": "SUSE-SU-2013:0047",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html"
},
{
"name": "openSUSE-SU-2013:0193",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html"
},
{
"name": "openSUSE-SU-2013:0138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-02.html"
},
{
"name": "RHSA-2013:0150",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0150.html"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
}

140
2013/0xxx/CVE-2013-0953.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0953",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-0953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5642",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5642"
},
{
"name" : "APPLE-SA-2013-01-28-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
},
{
"name" : "APPLE-SA-2013-03-14-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT5642",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5642"
},
{
"name": "APPLE-SA-2013-03-14-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html"
},
{
"name": "APPLE-SA-2013-01-28-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
}
]
}
}

180
2013/1xxx/CVE-2013-1042.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1042",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-1042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5934",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5934"
},
{
"name" : "http://support.apple.com/kb/HT6001",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6001"
},
{
"name" : "APPLE-SA-2013-09-18-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
},
{
"name" : "APPLE-SA-2013-10-22-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html"
},
{
"name" : "APPLE-SA-2013-10-22-8",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"name" : "1029054",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029054"
},
{
"name" : "54886",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54886"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-10-22-8",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"name": "1029054",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029054"
},
{
"name": "http://support.apple.com/kb/HT6001",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6001"
},
{
"name": "APPLE-SA-2013-10-22-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html"
},
{
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}

140
2013/1xxx/CVE-2013-1344.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka \"Win32k Multiple Fetch Vulnerability,\" a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-3864, and CVE-2013-3865."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-1344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS13-076",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-076"
},
{
"name" : "TA13-253A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"name" : "oval:org.mitre.oval:def:18792",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18792"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka \"Win32k Multiple Fetch Vulnerability,\" a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-3864, and CVE-2013-3865."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18792",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18792"
},
{
"name": "MS13-076",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-076"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}

170
2013/1xxx/CVE-2013-1442.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2013-1442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130925 Xen Security Advisory 62 (CVE-2013-1442) - Information leak on AVX and/or LWP capable CPUs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/09/25/2"
},
{
"name" : "DSA-3006",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3006"
},
{
"name" : "GLSA-201407-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name" : "openSUSE-SU-2013:1636",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
},
{
"name" : "SUSE-SU-2014:0446",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name" : "1029090",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029090"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130925 Xen Security Advisory 62 (CVE-2013-1442) - Information leak on AVX and/or LWP capable CPUs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/25/2"
},
{
"name": "1029090",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029090"
},
{
"name": "GLSA-201407-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name": "SUSE-SU-2014:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "DSA-3006",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3006"
},
{
"name": "openSUSE-SU-2013:1636",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
}
]
}
}

130
2013/1xxx/CVE-2013-1517.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Diagnostics."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-1517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Diagnostics."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

160
2013/1xxx/CVE-2013-1548.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-1548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name" : "GLSA-201308-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "RHSA-2013:0772",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0772.html"
},
{
"name" : "53372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "RHSA-2013:0772",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0772.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

34
2013/1xxx/CVE-2013-1744.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1744",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1744",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2013/5xxx/CVE-2013-5069.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5069",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-5069",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

140
2013/5xxx/CVE-2013-5390.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652630",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652630"
},
{
"name" : "PM97439",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97439"
},
{
"name" : "ws-extremescale-cve20135390-xss(87126)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21652630",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652630"
},
{
"name": "ws-extremescale-cve20135390-xss(87126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87126"
},
{
"name": "PM97439",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97439"
}
]
}
}

190
2013/5xxx/CVE-2013-5721.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51603",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51603"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9079",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9079"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2013-58.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2013-58.html"
},
{
"name" : "RHSA-2014:0341",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0341.html"
},
{
"name" : "openSUSE-SU-2013:1481",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00050.html"
},
{
"name" : "openSUSE-SU-2013:1483",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00052.html"
},
{
"name" : "oval:org.mitre.oval:def:18518",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18518"
},
{
"name" : "55022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55022"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:1481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00050.html"
},
{
"name": "RHSA-2014:0341",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html"
},
{
"name": "55022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55022"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2013-58.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2013-58.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9079",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9079"
},
{
"name": "oval:org.mitre.oval:def:18518",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18518"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51603",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51603"
},
{
"name": "openSUSE-SU-2013:1483",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00052.html"
}
]
}
}

140
2013/5xxx/CVE-2013-5856.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5856",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.5 SP0, 5.5 SP0b, 5.5.1, and 6.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name" : "63099",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/63099"
},
{
"name" : "98493",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/98493"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.5 SP0, 5.5 SP0b, 5.5.1, and 6.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name": "98493",
"refsource": "OSVDB",
"url": "http://osvdb.org/98493"
},
{
"name": "63099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63099"
}
]
}
}

150
2014/2xxx/CVE-2014-2795.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2795",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2789, CVE-2014-2798, and CVE-2014-2804."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name" : "68379",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68379"
},
{
"name" : "1030532",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030532"
},
{
"name" : "59775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59775"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2789, CVE-2014-2798, and CVE-2014-2804."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68379"
},
{
"name": "MS14-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name": "59775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59775"
},
{
"name": "1030532",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030532"
}
]
}
}

140
2017/0xxx/CVE-2017-0509.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name" : "96797",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96797"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96797"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000174.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.391109",
"ID" : "CVE-2017-1000174",
"REQUESTER" : "vuln_reporter@srcms.xyz",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "swftools",
"version" : {
"version_data" : [
{
"version_value" : "latest"
}
]
}
}
]
},
"vendor_name" : ""
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In SWFTools, an address access exception was found in swfdump swf_GetBits()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.391109",
"ID": "CVE-2017-1000174",
"REQUESTER": "vuln_reporter@srcms.xyz",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/matthiaskramm/swftools/issues/21",
"refsource" : "MISC",
"url" : "https://github.com/matthiaskramm/swftools/issues/21"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SWFTools, an address access exception was found in swfdump swf_GetBits()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matthiaskramm/swftools/issues/21",
"refsource": "MISC",
"url": "https://github.com/matthiaskramm/swftools/issues/21"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000239.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.468591",
"ID" : "CVE-2017-1000239",
"REQUESTER" : "j.singh@sec-consult.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "InvoicePlane",
"version" : {
"version_data" : [
{
"version_value" : "1.4.10"
}
]
}
}
]
},
"vendor_name" : "InvoicePlane"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.468591",
"ID": "CVE-2017-1000239",
"REQUESTER": "j.singh@sec-consult.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt"
}
]
}
}

34
2017/12xxx/CVE-2017-12569.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12569",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12569",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2017/12xxx/CVE-2017-12605.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"
},
{
"name" : "https://github.com/opencv/opencv/issues/9309",
"refsource" : "MISC",
"url" : "https://github.com/opencv/opencv/issues/9309"
},
{
"name" : "https://github.com/xiaoqx/pocs/blob/master/opencv.md",
"refsource" : "MISC",
"url" : "https://github.com/xiaoqx/pocs/blob/master/opencv.md"
},
{
"name" : "GLSA-201712-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201712-02"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"
},
{
"name": "GLSA-201712-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201712-02"
},
{
"name": "https://github.com/xiaoqx/pocs/blob/master/opencv.md",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/blob/master/opencv.md"
},
{
"name": "https://github.com/opencv/opencv/issues/9309",
"refsource": "MISC",
"url": "https://github.com/opencv/opencv/issues/9309"
}
]
}
}

34
2017/12xxx/CVE-2017-12766.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12766",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12766",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/12xxx/CVE-2017-12767.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12767",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12767",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2017/16xxx/CVE-2017-16060.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2017-16060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "babelcli node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Embedded Malicious Code (CWE-506)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "babelcli node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/499",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/499"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Embedded Malicious Code (CWE-506)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/499",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/499"
}
]
}
}

122
2017/16xxx/CVE-2017-16073.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2017-16073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "noderequest node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Embedded Malicious Code (CWE-506)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "noderequest node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/512",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/512"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Embedded Malicious Code (CWE-506)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/512",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/512"
}
]
}
}

130
2017/16xxx/CVE-2017-16530.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/torvalds/linux/commit/786de92b3cb26012d3d0f00ee37adf14527f35c4",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/786de92b3cb26012d3d0f00ee37adf14527f35c4"
},
{
"name" : "https://groups.google.com/d/msg/syzkaller/pCswO77gRlM/VHuPOftgAwAJ",
"refsource" : "MISC",
"url" : "https://groups.google.com/d/msg/syzkaller/pCswO77gRlM/VHuPOftgAwAJ"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/d/msg/syzkaller/pCswO77gRlM/VHuPOftgAwAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/syzkaller/pCswO77gRlM/VHuPOftgAwAJ"
},
{
"name": "https://github.com/torvalds/linux/commit/786de92b3cb26012d3d0f00ee37adf14527f35c4",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/786de92b3cb26012d3d0f00ee37adf14527f35c4"
}
]
}
}

140
2017/16xxx/CVE-2017-16755.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16755",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the \"return\" parameter of the \"index.php?pg=moderated\" endpoint. It executes when the return link is clicked."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ruby.sh/helpspot-disclosure-20180206.txt",
"refsource" : "MISC",
"url" : "https://ruby.sh/helpspot-disclosure-20180206.txt"
},
{
"name" : "https://www.helpspot.com/releases",
"refsource" : "MISC",
"url" : "https://www.helpspot.com/releases"
},
{
"name" : "https://www.helpspot.com/releases/version-4-7-2",
"refsource" : "MISC",
"url" : "https://www.helpspot.com/releases/version-4-7-2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the \"return\" parameter of the \"index.php?pg=moderated\" endpoint. It executes when the return link is clicked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.helpspot.com/releases",
"refsource": "MISC",
"url": "https://www.helpspot.com/releases"
},
{
"name": "https://ruby.sh/helpspot-disclosure-20180206.txt",
"refsource": "MISC",
"url": "https://ruby.sh/helpspot-disclosure-20180206.txt"
},
{
"name": "https://www.helpspot.com/releases/version-4-7-2",
"refsource": "MISC",
"url": "https://www.helpspot.com/releases/version-4-7-2"
}
]
}
}

34
2017/4xxx/CVE-2017-4361.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4361",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4361",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4687.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4687",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4687",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4768.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4768",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4768",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

130
2017/4xxx/CVE-2017-4959.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2017-4959",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PCF Elastic Runtime",
"version" : {
"version_data" : [
{
"version_value" : "PCF Elastic Runtime"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Pivotal Cloud Foundry account authorization vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2017-4959",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2017-4959"
},
{
"name" : "96218",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96218"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pivotal Cloud Foundry account authorization vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96218"
},
{
"name": "https://pivotal.io/security/cve-2017-4959",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-4959"
}
]
}
}

130
2018/18xxx/CVE-2018-18776.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45755",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45755/"
},
{
"name" : "http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45755",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45755/"
},
{
"name": "http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html"
}
]
}
}

244
2018/5xxx/CVE-2018-5379.json
View File

@ -1,124 +1,124 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"DATE_PUBLIC" : "2018-02-15T00:00:00.000Z",
"ID" : "CVE-2018-5379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "bgpd",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "bpgd",
"version_value" : "1.2.3"
}
]
}
}
]
},
"vendor_name" : "Quagga"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-415: Double Free"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2018-02-15T00:00:00.000Z",
"ID": "CVE-2018-5379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bgpd",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "bpgd",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "Quagga"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html"
},
{
"name" : "http://savannah.nongnu.org/forum/forum.php?forum_id=9095",
"refsource" : "CONFIRM",
"url" : "http://savannah.nongnu.org/forum/forum.php?forum_id=9095"
},
{
"name" : "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt",
"refsource" : "CONFIRM",
"url" : "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt"
},
{
"name" : "DSA-4115",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4115"
},
{
"name" : "GLSA-201804-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201804-17"
},
{
"name" : "RHSA-2018:0377",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0377"
},
{
"name" : "USN-3573-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3573-1/"
},
{
"name" : "VU#940439",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/940439"
},
{
"name" : "103105",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103105"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415: Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3573-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3573-1/"
},
{
"name": "DSA-4115",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4115"
},
{
"name": "103105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103105"
},
{
"name": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095",
"refsource": "CONFIRM",
"url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095"
},
{
"name": "GLSA-201804-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-17"
},
{
"name": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt",
"refsource": "CONFIRM",
"url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt"
},
{
"name": "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html"
},
{
"name": "VU#940439",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/940439"
},
{
"name": "RHSA-2018:0377",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0377"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

34
2018/5xxx/CVE-2018-5563.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5563",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5563",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/5xxx/CVE-2018-5995.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5995",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a \"pages/cpu\" printk call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md",
"refsource" : "MISC",
"url" : "https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md"
},
{
"name" : "105049",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105049"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a \"pages/cpu\" printk call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105049"
},
{
"name": "https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md",
"refsource": "MISC",
"url": "https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md"
}
]
}
}