admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:50:18 +00:00
parent 394e170111
commit 4d0721e6c8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
65 changed files with 4251 additions and 4254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2001/1xxx/CVE-2001-1015.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1015", "ID": "CVE-2001-1015",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011016 [ ** Snes9x buffer overflow vulnerability ** ]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0107.html" "lang": "eng",
}, "value": "Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument."
{ }
"name" : "3437", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3437" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011016 [ ** Snes9x buffer overflow vulnerability ** ]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0107.html"
},
{
"name": "3437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3437"
}
]
}
}

130
2001/1xxx/CVE-2001-1249.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1249", "ID": "CVE-2001-1249",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010629 4 New vulns. vWebServer and SmallHTTP", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/194418" "lang": "eng",
}, "value": "vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names."
{ }
"name" : "2978", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2978" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010629 4 New vulns. vWebServer and SmallHTTP",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/194418"
},
{
"name": "2978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2978"
}
]
}
}

140
2001/1xxx/CVE-2001-1305.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1305", "ID": "CVE-2001-1305",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010822 Hexyn / Securax Advisory #22 - ICQ Forced Auto-Add Users", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=99851887024728&w=2" "lang": "eng",
}, "value": "ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer."
{ }
"name" : "3226", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3226" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "icq-auto-add-user(7028)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7028.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "icq-auto-add-user(7028)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7028.php"
},
{
"name": "3226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3226"
},
{
"name": "20010822 Hexyn / Securax Advisory #22 - ICQ Forced Auto-Add Users",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=99851887024728&w=2"
}
]
}
}

130
2001/1xxx/CVE-2001-1362.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1362", "ID": "CVE-2001-1362",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the server for nPULSE before 0.53p4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010719 [VulnWatch] Changelog maddness (14 various broken apps)", "description_data": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html" "lang": "eng",
}, "value": "Vulnerability in the server for nPULSE before 0.53p4."
{ }
"name" : "http://freshmeat.net/releases/51981/", ]
"refsource" : "CONFIRM", },
"url" : "http://freshmeat.net/releases/51981/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010719 [VulnWatch] Changelog maddness (14 various broken apps)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html"
},
{
"name": "http://freshmeat.net/releases/51981/",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/releases/51981/"
}
]
}
}

220
2006/2xxx/CVE-2006-2275.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2275", "ID": "CVE-2006-2275",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to \"spillover of the receive buffer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5" "lang": "eng",
}, "value": "Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to \"spillover of the receive buffer.\""
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2006:0575", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0575.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2006-0026", ]
"refsource" : "TRUSTIX", }
"url" : "http://www.trustix.org/errata/2006/0026" ]
}, },
{ "references": {
"name" : "USN-302-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-302-1" "name": "linux-sctp-receive-dos(26433)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26433"
"name" : "17955", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17955" "name": "17955",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17955"
"name" : "oval:org.mitre.oval:def:11295", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11295" "name": "20716",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20716"
"name" : "20716", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20716" "name": "oval:org.mitre.oval:def:11295",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11295"
"name" : "21465", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21465" "name": "USN-302-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-302-1"
"name" : "22417", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22417" "name": "RHSA-2006:0575",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
"name" : "linux-sctp-receive-dos(26433)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26433" "name": "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5",
} "refsource": "CONFIRM",
] "url": "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5"
} },
} {
"name": "2006-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0026"
},
{
"name": "21465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21465"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name": "22417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22417"
}
]
}
}

360
2006/2xxx/CVE-2006-2369.json
View File

@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-2369", "ID": "CVE-2006-2369",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as \"Type 1 - None\", which is accepted even if it is not offered by the server, as originally demonstrated using a long password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060516 re: RealVNC 4.1.1 Remote Compromise", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/434117/100/0/threaded" "lang": "eng",
}, "value": "RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as \"Type 1 - None\", which is accepted even if it is not offered by the server, as originally demonstrated using a long password."
{ }
"name" : "20060518 RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/434518/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20060520 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/434560/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20060623 Linux VNC evil client patch - BID 17978", ]
"refsource" : "BUGTRAQ", }
"url" : "http://www.securityfocus.com/archive/1/438175/100/0/threaded" ]
}, },
{ "references": {
"name" : "20060624 Re: Linux VNC evil client patch - BID 17978", "reference_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/438368/100/0/threaded" "name": "8355",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8355"
"name" : "http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html", },
"refsource" : "MISC", {
"url" : "http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html" "name": "ADV-2006-2492",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2492"
"name" : "http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html", },
"refsource" : "MISC", {
"url" : "http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html" "name": "20107",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20107"
"name" : "20060515 RealVNC 4.1.1 Remote Compromise", },
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=114768344111131&w=2" "name": "20060623 Linux VNC evil client patch - BID 17978",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/438175/100/0/threaded"
"name" : "20060515 RealVNC 4.1.1 Remote Compromise", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/433994/100/0/threaded" "name": "20060516 re: RealVNC 4.1.1 Remote Compromise",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/434117/100/0/threaded"
"name" : "20060515 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/434015/100/0/threaded" "name": "20060515 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/434015/100/0/threaded"
"name" : "[vnc-list] 20060513 Version 4.1.2", },
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=vnc-list&m=114755444130188&w=2" "name": "20060515 RealVNC 4.1.1 Remote Compromise",
}, "refsource": "FULLDISC",
{ "url": "http://marc.info/?l=full-disclosure&m=114768344111131&w=2"
"name" : "http://www.realvnc.com/products/free/4.1/release-notes.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.realvnc.com/products/free/4.1/release-notes.html" "name": "http://www.realvnc.com/products/free/4.1/release-notes.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.realvnc.com/products/free/4.1/release-notes.html"
"name" : "20060622 RealVNC Remote Authentication Bypass Vulnerability", },
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml" "name": "VU#117929",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/117929"
"name" : "VU#117929", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/117929" "name": "20060624 Re: Linux VNC evil client patch - BID 17978",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/438368/100/0/threaded"
"name" : "17978", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17978" "name": "20060520 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/434560/100/0/threaded"
"name" : "8355", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8355" "name": "http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html",
}, "refsource": "MISC",
{ "url": "http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html"
"name" : "ADV-2006-1821", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1821" "name": "1016083",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016083"
"name" : "ADV-2006-1790", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1790" "name": "ADV-2006-1821",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1821"
"name" : "ADV-2006-2492", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2492" "name": "http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html",
}, "refsource": "MISC",
{ "url": "http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html"
"name" : "25479", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25479" "name": "realvnc-auth-bypass(26445)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26445"
"name" : "1016083", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016083" "name": "20060515 RealVNC 4.1.1 Remote Compromise",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/433994/100/0/threaded"
"name" : "20107", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20107" "name": "17978",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17978"
"name" : "20109", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20109" "name": "25479",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/25479"
"name" : "20789", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20789" "name": "20109",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20109"
"name" : "realvnc-auth-bypass(26445)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26445" "name": "20060622 RealVNC Remote Authentication Bypass Vulnerability",
} "refsource": "CISCO",
] "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml"
} },
} {
"name": "[vnc-list] 20060513 Version 4.1.2",
"refsource": "MLIST",
"url": "http://marc.info/?l=vnc-list&m=114755444130188&w=2"
},
{
"name": "ADV-2006-1790",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1790"
},
{
"name": "20060518 RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434518/100/0/threaded"
},
{
"name": "20789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20789"
}
]
}
}

170
2006/2xxx/CVE-2006-2615.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2615", "ID": "CVE-2006-2615",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060522 Russcom Ping Remote code execution", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/434825/100/0/threaded" "lang": "eng",
}, "value": "ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter."
{ }
"name" : "18090", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18090" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1938", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1938" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20236", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/20236" ]
}, },
{ "references": {
"name" : "956", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/956" "name": "18090",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18090"
"name" : "russcom-ping-piping-command-execution(26651)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26651" "name": "956",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/956"
} },
} {
"name": "20236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20236"
},
{
"name": "ADV-2006-1938",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1938"
},
{
"name": "russcom-ping-piping-command-execution(26651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26651"
},
{
"name": "20060522 Russcom Ping Remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434825/100/0/threaded"
}
]
}
}

160
2006/6xxx/CVE-2006-6070.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6070", "ID": "CVE-2006-6070",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061119 ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/452103/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter."
{ }
"name" : "2813", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/2813" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21195", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21195" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1017255", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1017255" ]
}, },
{ "references": {
"name" : "aspnuke-register-sql-injection(30397)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30397" "name": "20061119 ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/452103/100/0/threaded"
} },
} {
"name": "1017255",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017255"
},
{
"name": "2813",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2813"
},
{
"name": "aspnuke-register-sql-injection(30397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30397"
},
{
"name": "21195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21195"
}
]
}
}

150
2006/6xxx/CVE-2006-6081.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6081", "ID": "CVE-2006-6081",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061119 Telaen <= 1.1.0 Remote File Include Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/452086/100/100/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter."
{ }
"name" : "20061119 Telaen => 1.1.0 Remote File Include Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/452139/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1904", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1904" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "telaen-smartycompiler-file-include(30432)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30432" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1904",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1904"
},
{
"name": "20061119 Telaen => 1.1.0 Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452139/100/0/threaded"
},
{
"name": "20061119 Telaen <= 1.1.0 Remote File Include Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452086/100/100/threaded"
},
{
"name": "telaen-smartycompiler-file-include(30432)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30432"
}
]
}
}

170
2006/6xxx/CVE-2006-6176.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6176", "ID": "CVE-2006-6176",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.blogn.org/index.php?e=66", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.blogn.org/index.php?e=66" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
{ }
"name" : "JVN#21125043", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/jp/JVN%2321125043/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21347", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21347" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-4768", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/4768" ]
}, },
{ "references": {
"name" : "23126", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23126" "name": "23126",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23126"
"name" : "blogn-admin-xss(30565)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30565" "name": "http://www.blogn.org/index.php?e=66",
} "refsource": "CONFIRM",
] "url": "http://www.blogn.org/index.php?e=66"
} },
} {
"name": "blogn-admin-xss(30565)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30565"
},
{
"name": "ADV-2006-4768",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4768"
},
{
"name": "21347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21347"
},
{
"name": "JVN#21125043",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2321125043/index.html"
}
]
}
}

140
2006/6xxx/CVE-2006-6331.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6331", "ID": "CVE-2006-6331",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "metaInfo.php in TorrentFlux 2.2, when $cfg[\"enable_file_priority\"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582" "lang": "eng",
}, "value": "metaInfo.php in TorrentFlux 2.2, when $cfg[\"enable_file_priority\"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/11_missed_security_fixes.dpatch?bug=400582;msg=71;att=1", ]
"refsource" : "MISC", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/11_missed_security_fixes.dpatch?bug=400582;msg=71;att=1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23270", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23270" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi/11_missed_security_fixes.dpatch?bug=400582;msg=71;att=1",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/11_missed_security_fixes.dpatch?bug=400582;msg=71;att=1"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582"
},
{
"name": "23270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23270"
}
]
}
}

170
2006/6xxx/CVE-2006-6339.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6339", "ID": "CVE-2006-6339",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061201 deV!L`z Clanportal - SQL Injection [061124a]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/453179/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request."
{ }
"name" : "21391", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21391" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4821", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4821" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23194", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/23194" ]
}, },
{ "references": {
"name" : "1984", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1984" "name": "ADV-2006-4821",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4821"
"name" : "dzcp-show-sql-injection(30631)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30631" "name": "20061201 deV!L`z Clanportal - SQL Injection [061124a]",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/453179/100/0/threaded"
} },
} {
"name": "21391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21391"
},
{
"name": "1984",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1984"
},
{
"name": "23194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23194"
},
{
"name": "dzcp-show-sql-injection(30631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30631"
}
]
}
}

180
2011/0xxx/CVE-2011-0124.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2011-0124", "ID": "CVE-2011-0124",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4554", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4554" "lang": "eng",
}, "value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
{ }
"name" : "http://support.apple.com/kb/HT4564", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4564" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4566", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4566" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2011-03-02-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2011-03-09-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" "name": "http://support.apple.com/kb/HT4564",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4564"
"name" : "APPLE-SA-2011-03-09-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" "name": "http://support.apple.com/kb/HT4566",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4566"
"name" : "oval:org.mitre.oval:def:17280", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17280" "name": "oval:org.mitre.oval:def:17280",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17280"
} },
} {
"name": "APPLE-SA-2011-03-02-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT4554",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4554"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
}
]
}
}

150
2011/0xxx/CVE-2011-0227.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2011-0227", "ID": "CVE-2011-0227",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4802", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4802" "lang": "eng",
}, "value": "The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application."
{ }
"name" : "http://support.apple.com/kb/HT4803", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4803" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2011-07-15-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2011-07-15-2", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://support.apple.com/kb/HT4803",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4803"
},
{
"name": "APPLE-SA-2011-07-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html"
},
{
"name": "APPLE-SA-2011-07-15-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4802",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4802"
}
]
}
}

170
2011/0xxx/CVE-2011-0569.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-0569", "ID": "CVE-2011-0569",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PFR1 chunk containing an invalid size value that leads to an unexpected sign extension and a buffer overflow, a different vulnerability than CVE-2011-0556."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110209 TPTI-11-05: Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/516335/100/0/threaded" "lang": "eng",
}, "value": "The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PFR1 chunk containing an invalid size value that leads to an unexpected sign extension and a buffer overflow, a different vulnerability than CVE-2011-0556."
{ }
"name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-11-05", ]
"refsource" : "MISC", },
"url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-11-05" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1025056", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1025056" ]
}, },
{ "references": {
"name" : "ADV-2011-0335", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0335" "name": "ADV-2011-0335",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0335"
"name" : "adobe-fontxtra-code-execution(65260)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65260" "name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
} "refsource": "CONFIRM",
] "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
} },
} {
"name": "20110209 TPTI-11-05: Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516335/100/0/threaded"
},
{
"name": "1025056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025056"
},
{
"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-05",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-05"
},
{
"name": "adobe-fontxtra-code-execution(65260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65260"
}
]
}
}

160
2011/2xxx/CVE-2011-2432.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-2432", "ID": "CVE-2011-2432",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html" "lang": "eng",
}, "value": "Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors."
{ }
"name" : "SUSE-SA:2011:044", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2011:1239", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2011:1238", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:14031", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14031" "name": "http://www.adobe.com/support/security/bulletins/apsb11-24.html",
} "refsource": "CONFIRM",
] "url": "http://www.adobe.com/support/security/bulletins/apsb11-24.html"
} },
} {
"name": "SUSE-SU-2011:1239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html"
},
{
"name": "SUSE-SA:2011:044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html"
},
{
"name": "openSUSE-SU-2011:1238",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html"
},
{
"name": "oval:org.mitre.oval:def:14031",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14031"
}
]
}
}

34
2011/2xxx/CVE-2011-2542.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2542", "ID": "CVE-2011-2542",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

190
2011/3xxx/CVE-2011-3094.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3094", "ID": "CVE-2011-3094",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=122586", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=122586" "lang": "eng",
}, "value": "Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201205-03", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201205-03.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2012:0656", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" ]
}, },
{ "references": {
"name" : "53540", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53540" "name": "GLSA-201205-03",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201205-03.xml"
"name" : "oval:org.mitre.oval:def:15233", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15233" "name": "openSUSE-SU-2012:0656",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html"
"name" : "1027067", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027067" "name": "1027067",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027067"
"name" : "chrome-tibetan-code-exec(75599)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75599" "name": "oval:org.mitre.oval:def:15233",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15233"
} },
} {
"name": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html"
},
{
"name": "53540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53540"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=122586",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=122586"
},
{
"name": "chrome-tibetan-code-exec(75599)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75599"
}
]
}
}

260
2011/3xxx/CVE-2011-3516.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-3516", "ID": "CVE-2011-3516",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
{ }
"name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBUX02730", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT100710", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" ]
}, },
{ "references": {
"name" : "HPSBMU02797", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" "name": "HPSBMU02799",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
"name" : "SSRT100867", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" "name": "48308",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48308"
"name" : "HPSBMU02799", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" "name": "HPSBUX02730",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2"
"name" : "RHSA-2011:1384", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1384.html" "name": "oracle-jre-deployment-unspec(70851)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70851"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "SUSE-SU-2012:0114",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
"name" : "SUSE-SU-2012:0114", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "50229", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50229" "name": "SSRT100710",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2"
"name" : "oval:org.mitre.oval:def:14273", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14273" "name": "RHSA-2011:1384",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
"name" : "1026215", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026215" "name": "50229",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/50229"
"name" : "48308", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48308" "name": "oval:org.mitre.oval:def:14273",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14273"
"name" : "oracle-jre-deployment-unspec(70851)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70851" "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
} },
} {
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "1026215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026215"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
}
]
}
}

150
2011/3xxx/CVE-2011-3765.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3765", "ID": "CVE-2011-3765",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openrealty-upgrade115inc-path-disclosure(70607)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70607" ]
} },
] "references": {
} "reference_data": [
} {
"name": "openrealty-upgrade115inc-path-disclosure(70607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70607"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

140
2011/3xxx/CVE-2011-3787.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3787", "ID": "CVE-2011-3787",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/schedule.template.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/schedule.template.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpScheduleIt_1.2.12", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpScheduleIt_1.2.12" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpScheduleIt_1.2.12",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpScheduleIt_1.2.12"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

200
2011/3xxx/CVE-2011-3988.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2011-3988", "ID": "CVE-2011-3988",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://svn.ec-cube.net/open_trac/ticket/1502", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://svn.ec-cube.net/open_trac/ticket/1502" "lang": "eng",
}, "value": "SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "http://www.ec-cube.net/info/weakness/weakness.php?id=38", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ec-cube.net/info/weakness/weakness.php?id=38" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ec-cube.net/release/detail.php?release_id=286", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.ec-cube.net/release/detail.php?release_id=286" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVN#44496332", ]
"refsource" : "JVN", }
"url" : "http://jvn.jp/en/jp/JVN44496332/index.html" ]
}, },
{ "references": {
"name" : "JVNDB-2011-000087", "reference_data": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html" "name": "http://svn.ec-cube.net/open_trac/ticket/1502",
}, "refsource": "CONFIRM",
{ "url": "http://svn.ec-cube.net/open_trac/ticket/1502"
"name" : "50140", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50140" "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=38",
}, "refsource": "CONFIRM",
{ "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=38"
"name" : "76399", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/76399" "name": "eccube-scquery-sql-injection(70625)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625"
"name" : "46446", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46446" "name": "50140",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/50140"
"name" : "eccube-scquery-sql-injection(70625)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625" "name": "JVNDB-2011-000087",
} "refsource": "JVNDB",
] "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html"
} },
} {
"name": "http://www.ec-cube.net/release/detail.php?release_id=286",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/release/detail.php?release_id=286"
},
{
"name": "JVN#44496332",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN44496332/index.html"
},
{
"name": "76399",
"refsource": "OSVDB",
"url": "http://osvdb.org/76399"
},
{
"name": "46446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46446"
}
]
}
}

160
2011/4xxx/CVE-2011-4081.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4081", "ID": "CVE-2011-4081",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20111027 Re: CVE request: kernel: crypto: ghash: null pointer deref if no key is set", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/10/27/2" "lang": "eng",
}, "value": "crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=749475", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=749475" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c" "name": "[oss-security] 20111027 Re: CVE request: kernel: crypto: ghash: null pointer deref if no key is set",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2011/10/27/2"
} },
} {
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=749475",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=749475"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
},
{
"name": "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c"
}
]
}
}

120
2011/4xxx/CVE-2011-4497.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4497", "ID": "CVE-2011-4497",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#200814", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/200814" "lang": "eng",
} "value": "QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#200814",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/200814"
}
]
}
}

200
2011/4xxx/CVE-2011-4715.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4715", "ID": "CVE-2011-4715",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18153", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18153" "lang": "eng",
}, "value": "Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm."
{ }
"name" : "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153", ]
"refsource" : "MISC", },
"url" : "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://koha-community.org/koha-3-4-7/#more-2971", "description": [
"refsource" : "CONFIRM", {
"url" : "http://koha-community.org/koha-3-4-7/#more-2971" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://koha-community.org/koha-3-6-1/#more-2929", ]
"refsource" : "CONFIRM", }
"url" : "http://koha-community.org/koha-3-6-1/#more-2929" ]
}, },
{ "references": {
"name" : "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm" "name": "50812",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/50812"
"name" : "50812", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50812" "name": "http://koha-community.org/koha-3-6-1/#more-2929",
}, "refsource": "CONFIRM",
{ "url": "http://koha-community.org/koha-3-6-1/#more-2929"
"name" : "77322", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/77322" "name": "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153",
}, "refsource": "MISC",
{ "url": "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153"
"name" : "46980", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46980" "name": "18153",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/18153"
"name" : "liblimekoha-opacmain-file-include(71478)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71478" "name": "http://koha-community.org/koha-3-4-7/#more-2971",
} "refsource": "CONFIRM",
] "url": "http://koha-community.org/koha-3-4-7/#more-2971"
} },
} {
"name": "77322",
"refsource": "OSVDB",
"url": "http://osvdb.org/77322"
},
{
"name": "46980",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46980"
},
{
"name": "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm",
"refsource": "CONFIRM",
"url": "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm"
},
{
"name": "liblimekoha-opacmain-file-include(71478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71478"
}
]
}
}

34
2011/4xxx/CVE-2011-4796.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-4796", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-4796",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
} }
] ]
} }
} }

150
2011/4xxx/CVE-2011-4868.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4868", "ID": "CVE-2011-4868",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://deepthought.isc.org/article/AA-00595", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://deepthought.isc.org/article/AA-00595" "lang": "eng",
}, "value": "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update."
{ }
"name" : "https://www.isc.org/software/dhcp/advisories/cve-2011-4868", ]
"refsource" : "CONFIRM", },
"url" : "https://www.isc.org/software/dhcp/advisories/cve-2011-4868" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://kb.isc.org/article/AA-00705", "description": [
"refsource" : "CONFIRM", {
"url" : "https://kb.isc.org/article/AA-00705" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201301-06", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-201301-06.xml" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://kb.isc.org/article/AA-00705",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-00705"
},
{
"name": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868",
"refsource": "CONFIRM",
"url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868"
},
{
"name": "https://deepthought.isc.org/article/AA-00595",
"refsource": "CONFIRM",
"url": "https://deepthought.isc.org/article/AA-00595"
},
{
"name": "GLSA-201301-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
}
]
}
}

34
2011/4xxx/CVE-2011-4986.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-4986", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-4986",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
} }
] ]
} }
} }

34
2013/0xxx/CVE-2013-0070.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-0070", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-0070",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

150
2013/1xxx/CVE-2013-1050.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2013-1050", "ID": "CVE-2013-1050",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126" "lang": "eng",
}, "value": "The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation."
{ }
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=683060", ]
"refsource" : "MISC", },
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=683060" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4", "description": [
"refsource" : "MISC", {
"url" : "https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-1716-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-1716-1" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=683060",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=683060"
},
{
"name": "https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4",
"refsource": "MISC",
"url": "https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4"
},
{
"name": "USN-1716-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1716-1"
}
]
}
}

120
2013/1xxx/CVE-2013-1171.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-1171", "ID": "CVE-2013-1171",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCue14517, CSCue38914, CSCue38884, CSCue38882, CSCue38881, CSCue38872, CSCue38868, CSCue38866, CSCue38853, and CSCue14540."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130401 Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1171" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCue14517, CSCue38914, CSCue38884, CSCue38882, CSCue38881, CSCue38872, CSCue38868, CSCue38866, CSCue38853, and CSCue14540."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130401 Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1171"
}
]
}
}

130
2013/1xxx/CVE-2013-1613.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@symantec.com",
"ID" : "CVE-2013-1613", "ID": "CVE-2013-1613",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00" "lang": "eng",
}, "value": "SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "60796", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/60796" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00"
},
{
"name": "60796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60796"
}
]
}
}

290
2013/1xxx/CVE-2013-1792.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1792", "ID": "CVE-2013-1792",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings()", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/03/07/1" "lang": "eng",
}, "value": "Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0da9dfdd2cd9889201bc6f6f43580c99165cd087", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0da9dfdd2cd9889201bc6f6f43580c99165cd087" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=916646", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=916646" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087" "name": "USN-1796-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1796-1"
"name" : "MDVSA-2013:176", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" "name": "openSUSE-SU-2013:1187",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"
"name" : "RHSA-2013:0744", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0744.html" "name": "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087"
"name" : "openSUSE-SU-2013:1187", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" "name": "MDVSA-2013:176",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
"name" : "openSUSE-SU-2014:0204", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" "name": "USN-1797-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1797-1"
"name" : "USN-1787-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1787-1" "name": "USN-1788-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1788-1"
"name" : "USN-1788-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1788-1" "name": "[oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings()",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/03/07/1"
"name" : "USN-1792-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1792-1" "name": "USN-1793-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1793-1"
"name" : "USN-1798-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1798-1" "name": "USN-1792-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1792-1"
"name" : "USN-1793-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1793-1" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0da9dfdd2cd9889201bc6f6f43580c99165cd087",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0da9dfdd2cd9889201bc6f6f43580c99165cd087"
"name" : "USN-1794-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1794-1" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=916646",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916646"
"name" : "USN-1795-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1795-1" "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3"
"name" : "USN-1796-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1796-1" "name": "USN-1794-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1794-1"
"name" : "USN-1797-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1797-1" "name": "RHSA-2013:0744",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
} },
} {
"name": "USN-1795-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
},
{
"name": "USN-1787-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1787-1"
},
{
"name": "openSUSE-SU-2014:0204",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"
},
{
"name": "USN-1798-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1798-1"
}
]
}
}

34
2013/5xxx/CVE-2013-5083.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-5083", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-5083",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

140
2013/5xxx/CVE-2013-5470.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-5470", "ID": "CVE-2013-5470",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130903 Cisco Secure Access Control System Malformed Packet Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5470" "lang": "eng",
}, "value": "Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488."
{ }
"name" : "62145", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/62145" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96822", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/96822" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20130903 Cisco Secure Access Control System Malformed Packet Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5470"
},
{
"name": "96822",
"refsource": "OSVDB",
"url": "http://osvdb.org/96822"
},
{
"name": "62145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62145"
}
]
}
}

170
2013/5xxx/CVE-2013-5504.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-5504", "ID": "CVE-2013-5504",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266."
{ }
"name" : "20130927 Cisco Identity Services Engine Mobile Device Management Portal Cross-Site Scripting Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "62694", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/62694" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "97877", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/97877" ]
}, },
{ "references": {
"name" : "1029110", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029110" "name": "1029110",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029110"
"name" : "cisco-ise-cve20135504-xss(87531)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87531" "name": "97877",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/97877"
} },
} {
"name": "20130927 Cisco Identity Services Engine Mobile Device Management Portal Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504"
},
{
"name": "cisco-ise-cve20135504-xss(87531)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87531"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007"
},
{
"name": "62694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62694"
}
]
}
}

150
2013/5xxx/CVE-2013-5717.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5717", "ID": "CVE-2013-5717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51130", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51130" "lang": "eng",
}, "value": "The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c."
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8827", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8827" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.wireshark.org/security/wnpa-sec-2013-54.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.wireshark.org/security/wnpa-sec-2013-54.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:19030", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19030" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51130",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51130"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2013-54.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2013-54.html"
},
{
"name": "oval:org.mitre.oval:def:19030",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19030"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8827",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8827"
}
]
}
}

34
2014/2xxx/CVE-2014-2052.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2052", "ID": "CVE-2014-2052",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2014/2xxx/CVE-2014-2158.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-2158", "ID": "CVE-2014-2158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" "lang": "eng",
} "value": "Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp"
}
]
}
}

170
2014/2xxx/CVE-2014-2303.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2303", "ID": "CVE-2014-2303",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/532231/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter."
{ }
"name" : "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/May/148" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht", "description": [
"refsource" : "MISC", {
"url" : "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser", ]
"refsource" : "MISC", }
"url" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser" ]
}, },
{ "references": {
"name" : "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html" "name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/532231/100/0/threaded"
"name" : "67689", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/67689" "name": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html"
} },
} {
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/148"
},
{
"name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser",
"refsource": "MISC",
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser"
},
{
"name": "67689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67689"
},
{
"name": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht",
"refsource": "MISC",
"url": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht"
}
]
}
}

120
2014/2xxx/CVE-2014-2353.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-2353", "ID": "CVE-2014-2353",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02"
}
]
}
}

190
2014/2xxx/CVE-2014-2432.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-2432", "ID": "CVE-2014-2432",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" "lang": "eng",
}, "value": "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201409-04", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2014:0522", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0522.html" ]
}, },
{ "references": {
"name" : "RHSA-2014:0536", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0536.html" "name": "RHSA-2014:0536",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0536.html"
"name" : "RHSA-2014:0537", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0537.html" "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
"name" : "RHSA-2014:0702", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0702.html" "name": "RHSA-2014:0522",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0522.html"
"name" : "66875", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66875" "name": "66875",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/66875"
} },
} {
"name": "RHSA-2014:0537",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0537.html"
},
{
"name": "RHSA-2014:0702",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0702.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "GLSA-201409-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201409-04.xml"
}
]
}
}

160
2014/2xxx/CVE-2014-2578.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2578", "ID": "CVE-2014-2578",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.splunk.com/view/SP-CAAAKQX", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.splunk.com/view/SP-CAAAKQX" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "66453", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/66453" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1029966", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029966" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "57554", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/57554" ]
}, },
{ "references": {
"name" : "splunk-cve20142578-xss(92126)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92126" "name": "66453",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/66453"
} },
} {
"name": "http://www.splunk.com/view/SP-CAAAKQX",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAKQX"
},
{
"name": "1029966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029966"
},
{
"name": "57554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57554"
},
{
"name": "splunk-cve20142578-xss(92126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92126"
}
]
}
}

34
2014/2xxx/CVE-2014-2901.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2901", "ID": "CVE-2014-2901",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2014/6xxx/CVE-2014-6082.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-6082", "ID": "CVE-2014-6082",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (administration UI outage) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475" "lang": "eng",
}, "value": "IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (administration UI outage) via unspecified vectors."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691601", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691601" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IV67358", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IV67581", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581" ]
}, },
{ "references": {
"name" : "61945", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61945" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475"
"name" : "ibm-sam-cve20146082-dos(95809)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95809" "name": "61945",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/61945"
} },
} {
"name": "IV67358",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21691601",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691601"
},
{
"name": "IV67581",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581"
},
{
"name": "ibm-sam-cve20146082-dos(95809)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95809"
}
]
}
}

158
2017/0xxx/CVE-2017-0496.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0496", "ID": "CVE-2017-0496",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-5.0.2" "version_value": "Android-5.0.2"
}, },
{ {
"version_value" : "Android-5.1.1" "version_value": "Android-5.1.1"
}, },
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-03-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-03-01" "lang": "eng",
}, "value": "A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152."
{ }
"name" : "96788", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96788" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037968", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037968" "lang": "eng",
} "value": "Denial of service"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96788"
}
]
}
}

132
2017/0xxx/CVE-2017-0688.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-07-05T00:00:00", "DATE_PUBLIC": "2017-07-05T00:00:00",
"ID" : "CVE-2017-0688", "ID": "CVE-2017-0688",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-07-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-07-01" "lang": "eng",
}, "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425."
{ }
"name" : "99478", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99478" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "99478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99478"
}
]
}
}

156
2017/0xxx/CVE-2017-0760.json
View File

@ -1,80 +1,80 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00", "DATE_PUBLIC": "2017-09-05T00:00:00",
"ID" : "CVE-2017-0760", "ID": "CVE-2017-0760",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-09-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-09-01" "lang": "eng",
}, "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396."
{ }
"name" : "100649", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100649" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100649"
},
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
}
]
}
}

142
2017/0xxx/CVE-2017-0938.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2019-02-06T00:00:00", "DATE_PUBLIC": "2019-02-06T00:00:00",
"ID" : "CVE-2017-0938", "ID": "CVE-2017-0938",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "airMAX, EdgeMAX", "product_name": "airMAX, EdgeMAX",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "airMAX < 8.3.2, airMAX < 6.0.7, EdgeRouter < v1.9.7" "version_value": "airMAX < 8.3.2, airMAX < 6.0.7, EdgeRouter < v1.9.7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (CWE-400)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522", "description_data": [
"refsource" : "MISC", {
"url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522" "lang": "eng",
}, "value": "Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks."
{ }
"name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215", ]
"refsource" : "MISC", },
"url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://hackerone.com/reports/221625", "description": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/221625" "lang": "eng",
} "value": "Denial of Service (CWE-400)"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522",
"refsource": "MISC",
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522"
},
{
"name": "https://hackerone.com/reports/221625",
"refsource": "MISC",
"url": "https://hackerone.com/reports/221625"
},
{
"name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215",
"refsource": "MISC",
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215"
}
]
}
}

34
2017/0xxx/CVE-2017-0972.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-0972", "ID": "CVE-2017-0972",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

124
2017/1000xxx/CVE-2017-1000152.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.363215", "DATE_ASSIGNED": "2017-08-22T17:29:33.363215",
"ID" : "CVE-2017-1000152", "ID": "CVE-2017-1000152",
"REQUESTER" : "info@mahara.org", "REQUESTER": "info@mahara.org",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Mahara", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<15.04.7, <15.10.3, running PHP 5.3" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mahara" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Sessions"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.launchpad.net/mahara/+bug/1570744", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.launchpad.net/mahara/+bug/1570744" "lang": "eng",
} "value": "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/mahara/+bug/1570744",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/mahara/+bug/1570744"
}
]
}
}

134
2017/1000xxx/CVE-2017-1000408.json
View File

@ -1,69 +1,69 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-12-05", "DATE_ASSIGNED": "2017-12-05",
"ID" : "CVE-2017-1000408", "ID": "CVE-2017-1000408",
"REQUESTER" : "qsa@qualys.com", "REQUESTER": "qsa@qualys.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "glibc", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "glibc with commit ab7eb292307152e706948a7b19164ff5e6d593d4 and later" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "glibc" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43331", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43331/" "lang": "eng",
}, "value": "A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366."
{ }
"name" : "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2017/q4/385" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43331",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43331/"
},
{
"name": "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q4/385"
}
]
}
}

37
2017/1000xxx/CVE-2017-1000439.json
View File

@ -1,21 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"DATE_ASSIGNED" : "2017-12-29", "data_version": "4.0",
"ID" : "CVE-2017-1000439", "CVE_data_meta": {
"REQUESTER" : "au1ge.xyz@gmail.com", "ID": "CVE-2017-1000439",
"STATE" : "REJECT", "ASSIGNER": "cve@mitre.org",
"STATE_DETAIL" : "DUPLICATE of CVE-2017-14601" "STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0", {
"description" : { "lang": "eng",
"description_data" : [ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14601. Reason: This candidate is a reservation duplicate of CVE-2017-14601. Notes: All CVE users should reference CVE-2017-14601 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
{ }
"lang" : "eng", ]
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14601. Reason: This candidate is a reservation duplicate of CVE-2017-14601. Notes: All CVE users should reference CVE-2017-14601 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." }
} }
]
}
}

132
2017/16xxx/CVE-2017-16008.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16008", "ID": "CVE-2017-16008",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "i18next node module", "product_name": "i18next node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<=1.10.2" "version_value": "<=1.10.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/i18next/i18next/pull/443", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/i18next/i18next/pull/443" "lang": "eng",
}, "value": "i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2."
{ }
"name" : "https://nodesecurity.io/advisories/325", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/325" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/325",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/325"
},
{
"name": "https://github.com/i18next/i18next/pull/443",
"refsource": "MISC",
"url": "https://github.com/i18next/i18next/pull/443"
}
]
}
}

130
2017/16xxx/CVE-2017-16237.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16237", "ID": "CVE-2017-16237",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43109", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43109/" "lang": "eng",
}, "value": "In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C."
{ }
"name" : "101851", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101851" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101851"
},
{
"name": "43109",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43109/"
}
]
}
}

132
2017/16xxx/CVE-2017-16748.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-08-16T00:00:00", "DATE_PUBLIC": "2018-08-16T00:00:00",
"ID" : "CVE-2017-16748", "ID": "CVE-2017-16748",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Niagara AX Framework and Niagara 4 Framework", "product_name": "Niagara AX Framework and Niagara 4 Framework",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior" "version_value": "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ICS-CERT" "vendor_name": "ICS-CERT"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER AUTHENTICATION CWE-287"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03" "lang": "eng",
}, "value": "An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system."
{ }
"name" : "105101", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105101" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105101"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
}
]
}
}

34
2017/1xxx/CVE-2017-1076.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1076", "ID": "CVE-2017-1076",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

154
2017/1xxx/CVE-2017-1321.json
View File

@ -1,79 +1,79 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-10T00:00:00", "DATE_PUBLIC": "2017-07-10T00:00:00",
"ID" : "CVE-2017-1321", "ID": "CVE-2017-1321",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "InfoSphere Information Server", "product_name": "InfoSphere Information Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.1" "version_value": "9.1"
}, },
{ {
"version_value" : "11.3" "version_value": "11.3"
}, },
{ {
"version_value" : "11.5" "version_value": "11.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125916", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125916" "lang": "eng",
}, "value": "IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004729", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004729" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99537", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99537" "lang": "eng",
} "value": "Cross-Site Scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004729",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004729"
},
{
"name": "99537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99537"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125916",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125916"
}
]
}
}

184
2017/1xxx/CVE-2017-1370.json
View File

@ -1,94 +1,94 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-21T00:00:00", "DATE_PUBLIC": "2017-07-21T00:00:00",
"ID" : "CVE-2017-1370", "ID": "CVE-2017-1370",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jazz Reporting Service", "product_name": "Jazz Reporting Service",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126863", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126863" "lang": "eng",
}, "value": "IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22005868", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22005868" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99954", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99954" "lang": "eng",
} "value": "Obtain Information"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99954"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005868",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005868"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126863",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126863"
}
]
}
}

34
2017/1xxx/CVE-2017-1932.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1932", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1932",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/1xxx/CVE-2017-1997.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1997", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1997",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4325.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4325", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4325",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4510.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4510", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4510",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4704.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4704", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4704",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4744.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4744", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4744",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }