"-Synchronized-Data."

CVE Team 2019-03-17 21:38:28 +00:00
parent 523431e023
commit 5360620792
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 4275 additions and 4275 deletions


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0511",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that \"This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060201 Blackboard Authentication Error",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423654/100/0/threaded"
},
{
"name" : "20060201 Re: Blackboard Authentication Error",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423686/100/0/threaded"
},
{
"name" : "20060202 Re: Blackboard Authentication Error",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423778/100/0/threaded"
},
{
"name" : "16438",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16438"
},
{
"name" : "28023",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that \"This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16438"
},
{
"name": "20060202 Re: Blackboard Authentication Error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"
},
{
"name": "20060201 Re: Blackboard Authentication Error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"
},
{
"name": "20060201 Blackboard Authentication Error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"
},
{
"name": "28023",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28023"
}
]
}
}
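Review bot: The `reference_data` array in this record is re-emitted in a different order with no visible sort key (BID first, then the three BUGTRAQ posts in reverse date order, then OSVDB), while the same five entries are kept and the other lines differ only in the `" : "` to `": "` spacing. The later file sections on this page show the same reordering. If the order comes from an unordered collection in the export step, which is an inference from these lines, every sync will rewrite whole files and a genuine field change becomes hard to spot in review. Emitting references in a stable order, for example sorted by `refsource` and then `name`, would limit future diffs to real content changes.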


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060224 [eVuln] Guestex XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426034/100/0/threaded"
},
{
"name" : "http://www.evuln.com/vulns/77/summary.html",
"refsource" : "MISC",
"url" : "http://www.evuln.com/vulns/77/summary.html"
},
{
"name" : "16711",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16711"
},
{
"name" : "ADV-2006-0640",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0640"
},
{
"name" : "23182",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23182"
},
{
"name" : "1015678",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015678"
},
{
"name" : "18927",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18927"
},
{
"name" : "490",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/490"
},
{
"name" : "guestex-script-xss(24644)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24644"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18927",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18927"
},
{
"name": "16711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16711"
},
{
"name": "1015678",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015678"
},
{
"name": "http://www.evuln.com/vulns/77/summary.html",
"refsource": "MISC",
"url": "http://www.evuln.com/vulns/77/summary.html"
},
{
"name": "guestex-script-xss(24644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24644"
},
{
"name": "490",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/490"
},
{
"name": "23182",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23182"
},
{
"name": "ADV-2006-0640",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0640"
},
{
"name": "20060224 [eVuln] Guestex XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426034/100/0/threaded"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060705 Re: phpSysInfo arbitrary file identification",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html"
},
{
"name" : "20060705 phpSysInfo arbitrary file identification",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html"
},
{
"name" : "18868",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18868"
},
{
"name" : "ADV-2006-2668",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2668"
},
{
"name" : "27015",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27015"
},
{
"name" : "1016440",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016440"
},
{
"name" : "20939",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20939"
},
{
"name" : "phpsysinfo-lng-information-disclosure(27527)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27527"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016440",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016440"
},
{
"name": "phpsysinfo-lng-information-disclosure(27527)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27527"
},
{
"name": "ADV-2006-2668",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2668"
},
{
"name": "27015",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27015"
},
{
"name": "20939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20939"
},
{
"name": "20060705 Re: phpSysInfo arbitrary file identification",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html"
},
{
"name": "18868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18868"
},
{
"name": "20060705 phpSysInfo arbitrary file identification",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3374",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060704 Re: file include exploits in randshop v1.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439063/100/0/threaded"
},
{
"name" : "20060704 file include exploits in randshop v1.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439040/100/0/threaded"
},
{
"name" : "18809",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18809"
},
{
"name" : "1016438",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016438"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18809"
},
{
"name": "20060704 file include exploits in randshop v1.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439040/100/0/threaded"
},
{
"name": "1016438",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016438"
},
{
"name": "20060704 Re: file include exploits in randshop v1.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439063/100/0/threaded"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lostmon.blogspot.com/2006/07/multiple-vulnerabilities-in.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2006/07/multiple-vulnerabilities-in.html"
},
{
"name" : "18840",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18840"
},
{
"name" : "ADV-2006-2690",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2690"
},
{
"name" : "27016",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27016"
},
{
"name" : "1016439",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016439"
},
{
"name" : "20959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27016",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27016"
},
{
"name": "1016439",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016439"
},
{
"name": "18840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18840"
},
{
"name": "http://lostmon.blogspot.com/2006/07/multiple-vulnerabilities-in.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2006/07/multiple-vulnerabilities-in.html"
},
{
"name": "20959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20959"
},
{
"name": "ADV-2006-2690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2690"
}
]
}
}


@ -1,247 +1,247 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060725 TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441200/100/0/threaded"
},
{
"name" : "20060725 TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441198/100/0/threaded"
},
{
"name" : "20060808 TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.html"
},
{
"name" : "20060725 ZDI-06-023: eIQNetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441197/100/0/threaded"
},
{
"name" : "20060725 ZDI-06-024: eIQNetworks Enterprise Security Analyzer License Manager Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441195/100/0/threaded"
},
{
"name" : "http://www.tippingpoint.com/security/advisories/TSRT-06-04.html",
"refsource" : "MISC",
"url" : "http://www.tippingpoint.com/security/advisories/TSRT-06-04.html"
},
{
"name" : "http://www.tippingpoint.com/security/advisories/TSRT-06-07.html",
"refsource" : "MISC",
"url" : "http://www.tippingpoint.com/security/advisories/TSRT-06-07.html"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-023.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-023.html"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-024.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-024.html"
},
{
"name" : "http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf"
},
{
"name" : "http://www.tippingpoint.com/security/advisories/TSRT-06-03.html",
"refsource" : "MISC",
"url" : "http://www.tippingpoint.com/security/advisories/TSRT-06-03.html"
},
{
"name" : "VU#513068",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/513068"
},
{
"name" : "19163",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19163"
},
{
"name" : "19164",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19164"
},
{
"name" : "19165",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19165"
},
{
"name" : "19167",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19167"
},
{
"name" : "ADV-2006-2985",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2985"
},
{
"name" : "ADV-2006-3007",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3007"
},
{
"name" : "ADV-2006-3010",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3010"
},
{
"name" : "ADV-2006-3006",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3006"
},
{
"name" : "ADV-2006-3008",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3008"
},
{
"name" : "ADV-2006-3009",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3009"
},
{
"name" : "27525",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27525"
},
{
"name" : "27526",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27526"
},
{
"name" : "27527",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27527"
},
{
"name" : "27528",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27528"
},
{
"name" : "1016580",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016580"
},
{
"name" : "21211",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21211"
},
{
"name" : "21213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21213"
},
{
"name" : "21217",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21217"
},
{
"name" : "21214",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21214"
},
{
"name" : "21215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21215"
},
{
"name" : "21218",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21218"
},
{
"name" : "eiqnetworks-esa-syslog-string-bo(27950)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27950"
},
{
"name" : "eiqnetworks-esa-monitoring-bo(27954)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27954"
},
{
"name" : "eiqnetworks-esa-licensemanager-bo(27952)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27952"
},
{
"name" : "eiqnetworks-esa-syslog-command-bo(27951)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27951"
},
{
"name" : "eiqnetworks-esa-topology-bo(27953)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27953"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-06-07.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-07.html"
},
{
"name": "19167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19167"
},
{
"name": "http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf"
},
{
"name": "21218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21218"
},
{
"name": "ADV-2006-3007",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3007"
},
{
"name": "27526",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27526"
},
{
"name": "eiqnetworks-esa-syslog-string-bo(27950)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27950"
},
{
"name": "21217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21217"
},
{
"name": "27527",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27527"
},
{
"name": "1016580",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016580"
},
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-06-03.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-03.html"
},
{
"name": "19163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19163"
},
{
"name": "ADV-2006-2985",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2985"
},
{
"name": "20060725 TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441198/100/0/threaded"
},
{
"name": "21215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21215"
},
{
"name": "20060725 ZDI-06-024: eIQNetworks Enterprise Security Analyzer License Manager Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441195/100/0/threaded"
},
{
"name": "ADV-2006-3008",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3008"
},
{
"name": "eiqnetworks-esa-topology-bo(27953)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27953"
},
{
"name": "27528",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27528"
},
{
"name": "21211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21211"
},
{
"name": "19164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19164"
},
{
"name": "VU#513068",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/513068"
},
{
"name": "20060725 TSRT-06-03: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441200/100/0/threaded"
},
{
"name": "20060808 TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.html"
},
{
"name": "20060725 ZDI-06-023: eIQNetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441197/100/0/threaded"
},
{
"name": "ADV-2006-3006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3006"
},
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-06-04.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-04.html"
},
{
"name": "21214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21214"
},
{
"name": "19165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19165"
},
{
"name": "27525",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27525"
},
{
"name": "ADV-2006-3010",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3010"
},
{
"name": "eiqnetworks-esa-licensemanager-bo(27952)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27952"
},
{
"name": "eiqnetworks-esa-syslog-command-bo(27951)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27951"
},
{
"name": "21213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21213"
},
{
"name": "ADV-2006-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3009"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-023.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-023.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-024.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-024.html"
},
{
"name": "eiqnetworks-esa-monitoring-bo(27954)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27954"
}
]
}
}
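Review bot: The description `value` carried over on the new side still numbers two different vectors as (15): `(15) DELETEDEVICE` for the Topology server and `the (15) LICMGR_ADDLICENSE command` for the License Manager. The list therefore ends at (17) while naming eighteen commands, and anyone mapping advisories or detections to vector numbers will find (15) ambiguous. Since this sync rewrites the whole record anyway, the numbering could be corrected at the source so that it reads `(16) LICMGR_ADDLICENSE`, `(17) TRACE` and `(18) QUERYMONITOR`.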


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-3888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061011 AOL YGPPDownload SetAlbumName ActiveX Control Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=420"
},
{
"name" : "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8"
},
{
"name" : "VU#661524",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/661524"
},
{
"name" : "20425",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20425"
},
{
"name" : "20472",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20472"
},
{
"name" : "ADV-2006-3967",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3967"
},
{
"name" : "1017024",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017024"
},
{
"name" : "22304",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22304"
},
{
"name" : "aol-ygp-pic-downloader-bo(29410)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29410"
},
{
"name" : "aol-ygp-setalbumname-bo(29494)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29494"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3967",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3967"
},
{
"name": "20472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20472"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8"
},
{
"name": "1017024",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017024"
},
{
"name": "VU#661524",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/661524"
},
{
"name": "20061011 AOL YGPPDownload SetAlbumName ActiveX Control Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=420"
},
{
"name": "aol-ygp-pic-downloader-bo(29410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29410"
},
{
"name": "20425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20425"
},
{
"name": "aol-ygp-setalbumname-bo(29494)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29494"
},
{
"name": "22304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22304"
}
]
}
}
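Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `cert@cert.org` in this record, a substantive change that neither the commit title nor the surrounding churn signals. The other sections on this page keep `cve@mitre.org`, and everything else here looks like spacing and reference reordering. Consumers that attribute records by assigner will see a different value for CVE-2006-3888 after this sync, so the reassignment should be confirmed as intended. It would also help to state it in the commit message, for example `CVE-2006-3888: ASSIGNER updated to cert@cert.org`.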


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060821 Diesel Paid Mail getad.php Cross-Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443929/100/0/threaded"
},
{
"name" : "19646",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19646"
},
{
"name" : "ADV-2006-3352",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3352"
},
{
"name" : "28072",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28072"
},
{
"name" : "21568",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21568"
},
{
"name" : "1452",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1452"
},
{
"name" : "paidmail-getad-xss(28495)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28495"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "paidmail-getad-xss(28495)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28495"
},
{
"name": "1452",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1452"
},
{
"name": "28072",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28072"
},
{
"name": "21568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21568"
},
{
"name": "ADV-2006-3352",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3352"
},
{
"name": "20060821 Diesel Paid Mail getad.php Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443929/100/0/threaded"
},
{
"name": "19646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19646"
}
]
}
}


@ -1,207 +1,207 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061005 rPSA-2006-0182-1 php php-mysql php-pgsql",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447866/100/0/threaded"
},
{
"name" : "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.10&r2=1.445.2.14.2.11",
"refsource" : "MISC",
"url" : "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.10&r2=1.445.2.14.2.11"
},
{
"name" : "http://www.php.net/ChangeLog-5.php#5.1.5",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php#5.1.5"
},
{
"name" : "http://www.php.net/release_5_1_5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/release_5_1_5.php"
},
{
"name" : "https://issues.rpath.com/browse/RPL-683",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-683"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm"
},
{
"name" : "DSA-1206",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1206"
},
{
"name" : "RHSA-2006:0669",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0669.html"
},
{
"name" : "RHSA-2006:0682",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0682.html"
},
{
"name" : "RHSA-2006:0688",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0688.html"
},
{
"name" : "20061001-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"name" : "SUSE-SA:2006:052",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_52_php.html"
},
{
"name" : "TLSA-2006-38",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"
},
{
"name" : "USN-342-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-342-1"
},
{
"name" : "19582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19582"
},
{
"name" : "oval:org.mitre.oval:def:10121",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10121"
},
{
"name" : "ADV-2006-3318",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3318"
},
{
"name" : "1016984",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016984"
},
{
"name" : "21546",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21546"
},
{
"name" : "21768",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21768"
},
{
"name" : "22004",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22004"
},
{
"name" : "22069",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22069"
},
{
"name" : "22225",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22225"
},
{
"name" : "22440",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22440"
},
{
"name" : "22538",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22538"
},
{
"name" : "22487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22487"
},
{
"name" : "22713",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22713"
},
{
"name" : "22039",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10121",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10121"
},
{
"name": "1016984",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016984"
},
{
"name": "http://www.php.net/release_5_1_5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/release_5_1_5.php"
},
{
"name": "https://issues.rpath.com/browse/RPL-683",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-683"
},
{
"name": "21768",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21768"
},
{
"name": "RHSA-2006:0669",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0669.html"
},
{
"name": "22487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22487"
},
{
"name": "USN-342-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-342-1"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm"
},
{
"name": "22039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22039"
},
{
"name": "TLSA-2006-38",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"
},
{
"name": "RHSA-2006:0688",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0688.html"
},
{
"name": "DSA-1206",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1206"
},
{
"name": "19582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19582"
},
{
"name": "22004",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22004"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm"
},
{
"name": "22538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22538"
},
{
"name": "22713",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22713"
},
{
"name": "RHSA-2006:0682",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0682.html"
},
{
"name": "21546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21546"
},
{
"name": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.10&r2=1.445.2.14.2.11",
"refsource": "MISC",
"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.10&r2=1.445.2.14.2.11"
},
{
"name": "22440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22440"
},
{
"name": "20061005 rPSA-2006-0182-1 php php-mysql php-pgsql",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447866/100/0/threaded"
},
{
"name": "22069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22069"
},
{
"name": "ADV-2006-3318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3318"
},
{
"name": "22225",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22225"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.1.5",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.1.5"
},
{
"name": "20061001-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"name": "SUSE-SA:2006:052",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_52_php.html"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cybozu.co.jp/products/dl/notice_060825/",
"refsource" : "CONFIRM",
"url" : "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name" : "JVN#90420168",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"name" : "28262",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28262"
},
{
"name" : "1016759",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016759"
},
{
"name" : "21638",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21638"
},
{
"name" : "21656",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21656"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#90420168",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"name": "http://cybozu.co.jp/products/dl/notice_060825/",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name": "28262",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28262"
},
{
"name": "1016759",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016759"
},
{
"name": "21638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21638"
},
{
"name": "21656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21656"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "21269",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21269"
},
{
"name" : "ADV-2006-4685",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4685"
},
{
"name" : "23082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4685",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4685"
},
{
"name": "23082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23082"
},
{
"name": "21269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21269"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061118 [MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452008/100/200/threaded"
},
{
"name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls36",
"refsource" : "MISC",
"url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls36"
},
{
"name" : "21170",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21170"
},
{
"name" : "dev4ucms-index-sql-injection(30395)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30395"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls36",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls36"
},
{
"name": "dev4ucms-index-sql-injection(30395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30395"
},
{
"name": "20061118 [MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452008/100/200/threaded"
},
{
"name": "21170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21170"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2208",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name" : "41244",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41244"
},
{
"name" : "oval:org.mitre.oval:def:7188",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7188"
},
{
"name" : "1024159",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024159"
},
{
"name" : "ADV-2010-1636",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1636"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "41244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41244"
},
{
"name": "1024159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024159"
},
{
"name": "oval:org.mitre.oval:def:7188",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7188"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2696",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14260",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14260"
},
{
"name" : "66155",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66155"
},
{
"name" : "ADV-2010-1766",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1766"
},
{
"name" : "sijio-parent-sql-injection(60177)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60177"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66155",
"refsource": "OSVDB",
"url": "http://osvdb.org/66155"
},
{
"name": "14260",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14260"
},
{
"name": "sijio-parent-sql-injection(60177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60177"
},
{
"name": "ADV-2010-1766",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1766"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/",
"refsource" : "MISC",
"url" : "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"
},
{
"name" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-18.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
},
{
"name" : "8137",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8137"
},
{
"name" : "8148",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8148"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"
},
{
"name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07",
"refsource": "MISC",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-18.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
},
{
"name": "8137",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8137"
},
{
"name": "8148",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8148"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598296",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598296",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598296"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2010-3905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://open.eucalyptus.com/wiki/esa-01",
"refsource" : "CONFIRM",
"url" : "http://open.eucalyptus.com/wiki/esa-01"
},
{
"name" : "USN-1033-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1033-1"
},
{
"name" : "45462",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45462"
},
{
"name" : "42632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42632"
},
{
"name" : "42666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42666"
},
{
"name" : "ADV-2010-3259",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3259"
},
{
"name" : "ADV-2010-3260",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3260"
},
{
"name" : "eucalyptus-adminui-security-bypass(64167)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64167"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45462"
},
{
"name": "USN-1033-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1033-1"
},
{
"name": "eucalyptus-adminui-security-bypass(64167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64167"
},
{
"name": "42666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42666"
},
{
"name": "ADV-2010-3260",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3260"
},
{
"name": "42632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42632"
},
{
"name": "http://open.eucalyptus.com/wiki/esa-01",
"refsource": "CONFIRM",
"url": "http://open.eucalyptus.com/wiki/esa-01"
},
{
"name": "ADV-2010-3259",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3259"
}
]
}
}
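Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `"ASSIGNER": "security@ubuntu.com",`, and that attribution change is the only value that differs in a 97-line section otherwise made of `" : "` to `": "` spacing churn and a reshuffled `reference_data` array. The eight reference entries appear identical on both sides, only reordered, so a text diff cannot confirm that no description or URL was altered; comparing the parsed JSON of both sides would. I would land the formatting and ordering normalisation separately from assigner changes, or list the records whose assigner changed in the commit message, and have the generator emit `reference_data` in a stable order so later syncs show only real edits. The same pattern applies to the sections for CVE-2011-0256 (`product-security@apple.com`), CVE-2011-1166 and CVE-2011-1591 (`secalert@redhat.com`), CVE-2011-1969 (`secure@microsoft.com`), CVE-2014-2965 (`cert@cert.org`) and CVE-2014-3293 (`psirt@cisco.com`).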


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4826",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4826"
},
{
"name" : "oval:org.mitre.oval:def:16097",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16097"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4826",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4826"
},
{
"name": "oval:org.mitre.oval:def:16097",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16097"
}
]
}
}


@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff",
"refsource" : "MISC",
"url" : "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2011-001.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"name" : "DSA-2171",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2171"
},
{
"name" : "FEDORA-2011-0794",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"name" : "FEDORA-2011-0774",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"name" : "45839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45839"
},
{
"name" : "70518",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70518"
},
{
"name" : "43119",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43119"
},
{
"name" : "42935",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42935"
},
{
"name" : "43373",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43373"
},
{
"name" : "ADV-2011-0159",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0159"
},
{
"name" : "ADV-2011-0281",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0281"
},
{
"name" : "ADV-2011-0449",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0449"
},
{
"name" : "asterisk-asturiencode-bo(64831)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0159",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0159"
},
{
"name": "FEDORA-2011-0794",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001.html"
},
{
"name": "43373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43373"
},
{
"name": "ADV-2011-0449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0449"
},
{
"name": "70518",
"refsource": "OSVDB",
"url": "http://osvdb.org/70518"
},
{
"name": "45839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45839"
},
{
"name": "ADV-2011-0281",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0281"
},
{
"name": "FEDORA-2011-0774",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"
},
{
"name": "DSA-2171",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2171"
},
{
"name": "43119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43119"
},
{
"name": "asterisk-asturiencode-bo(64831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"
},
{
"name": "20110118 AST-2011-001: Stack buffer overflow in SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515781/100/0/threaded"
},
{
"name": "42935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42935"
}
]
}
}
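Review bot: The version list in the `description` value ends with `1.8.2.;`, which reads like a truncated version number, and the string is carried over unchanged on the new side of this section. The fixed release on the 1.8.2 branch should be confirmed against the AST-2011-001 advisory already listed under `reference_data` and the fragment completed, for example `1.8.2.<patch level from advisory>;`. Until then, anything that derives affected-version ranges from this text, which is the only place versions appear since `version_value` is `n/a`, is likely to mis-handle the 1.8.2 branch.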


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-1_Host_crash_due_to_failure_to_correctly_validate_PV_kernel_execution_state.",
"refsource" : "CONFIRM",
"url" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-1_Host_crash_due_to_failure_to_correctly_validate_PV_kernel_execution_state."
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100145416",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name" : "RHSA-2011:0833",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.xen.org/wiki/Security_Announcements#XSA-1_Host_crash_due_to_failure_to_correctly_validate_PV_kernel_execution_state.",
"refsource": "CONFIRM",
"url": "http://wiki.xen.org/wiki/Security_Announcements#XSA-1_Host_crash_due_to_failure_to_correctly_validate_PV_kernel_execution_state."
},
{
"name": "RHSA-2011:0833",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100145416",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
}
]
}
}


@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17185",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17185"
},
{
"name" : "17195",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17195"
},
{
"name" : "[oss-security] 20110418 Re: Wireshark 1.2.16 / 1.4.5",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/18/8"
},
{
"name" : "[oss-security] 20110418 Wireshark 1.2.16 / 1.4.5",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/18/2"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-06.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-06.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5838",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5838"
},
{
"name" : "FEDORA-2011-5529",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058993.html"
},
{
"name" : "FEDORA-2011-5569",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058983.html"
},
{
"name" : "FEDORA-2011-5621",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058900.html"
},
{
"name" : "MDVSA-2011:083",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:083"
},
{
"name" : "VU#243670",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/243670"
},
{
"name" : "71848",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/71848"
},
{
"name" : "oval:org.mitre.oval:def:15000",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15000"
},
{
"name" : "1025389",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025389"
},
{
"name" : "44172",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44172"
},
{
"name" : "44374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44374"
},
{
"name" : "ADV-2011-1022",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1022"
},
{
"name" : "ADV-2011-1106",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1106"
},
{
"name" : "wireshark-dect-bo(66834)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66834"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17185",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17185"
},
{
"name": "wireshark-dect-bo(66834)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66834"
},
{
"name": "MDVSA-2011:083",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:083"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836"
},
{
"name": "FEDORA-2011-5621",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058900.html"
},
{
"name": "FEDORA-2011-5529",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058993.html"
},
{
"name": "17195",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17195"
},
{
"name": "[oss-security] 20110418 Re: Wireshark 1.2.16 / 1.4.5",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/18/8"
},
{
"name": "oval:org.mitre.oval:def:15000",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15000"
},
{
"name": "FEDORA-2011-5569",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058983.html"
},
{
"name": "44374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44374"
},
{
"name": "71848",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71848"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2011-06.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-06.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5838",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5838"
},
{
"name": "44172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44172"
},
{
"name": "1025389",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025389"
},
{
"name": "ADV-2011-1022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1022"
},
{
"name": "VU#243670",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/243670"
},
{
"name": "[oss-security] 20110418 Wireshark 1.2.16 / 1.4.5",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/18/2"
},
{
"name": "ADV-2011-1106",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1106"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka \"Poisoned Cup of Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-079",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079"
},
{
"name" : "49983",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49983"
},
{
"name" : "oval:org.mitre.oval:def:13032",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka \"Poisoned Cup of Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49983"
},
{
"name": "MS11-079",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079"
},
{
"name": "oval:org.mitre.oval:def:13032",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13032"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5144",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html",
"refsource" : "MISC",
"url" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html"
},
{
"name" : "78009",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78009"
},
{
"name" : "47139",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47139"
},
{
"name" : "obm-test-information-disclosure(71924)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71924"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html"
},
{
"name": "78009",
"refsource": "OSVDB",
"url": "http://osvdb.org/78009"
},
{
"name": "obm-test-information-disclosure(71924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71924"
},
{
"name": "47139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47139"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2965",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-2965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140623 SpamTitan contains a reflected cross-site scripting (XSS) vulnerability CVE-2014-2965",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jun/113"
},
{
"name" : "http://packetstormsecurity.com/files/127184/SpamTitan-6.01-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127184/SpamTitan-6.01-Cross-Site-Scripting.html"
},
{
"name" : "VU#849500",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/849500"
},
{
"name" : "68143",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68143"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68143"
},
{
"name": "VU#849500",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/849500"
},
{
"name": "20140623 SpamTitan contains a reflected cross-site scripting (XSS) vulnerability CVE-2014-2965",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/113"
},
{
"name": "http://packetstormsecurity.com/files/127184/SpamTitan-6.01-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127184/SpamTitan-6.01-Cross-Site-Scripting.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3256",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3256",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3293",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36195",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36195"
},
{
"name" : "20141027 Cisco ASR901 Crafted IPv4 Packet Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3293"
},
{
"name" : "70744",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70744"
},
{
"name" : "1031122",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031122"
},
{
"name" : "61830",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61830"
},
{
"name" : "cisco-asr901-cve20143293-dos(97769)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36195",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36195"
},
{
"name": "70744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70744"
},
{
"name": "61830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61830"
},
{
"name": "1031122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031122"
},
{
"name": "20141027 Cisco ASR901 Crafted IPv4 Packet Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3293"
},
{
"name": "cisco-asr901-cve20143293-dos(97769)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97769"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3760",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable the DMZ in the Firewall/DMZ section via a request to index.cgi or (3) add, (4) modify, or (5) delete URL-filter settings in the Control/URL-filter section via a request to index.cgi, as demonstrated by adding a rule that blocks access to google.com."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140418 CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/246"
},
{
"name" : "http://websecurity.com.ua/7112",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/7112"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable the DMZ in the Firewall/DMZ section via a request to index.cgi or (3) add, (4) modify, or (5) delete URL-filter settings in the Control/URL-filter section via a request to index.cgi, as demonstrated by adding a rule that blocks access to google.com."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140418 CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/246"
},
{
"name": "http://websecurity.com.ua/7112",
"refsource": "MISC",
"url": "http://websecurity.com.ua/7112"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3803",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/",
"refsource" : "MISC",
"url" : "http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/"
},
{
"name" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=360448",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=360448"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=171373&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=171373&view=revision"
},
{
"name" : "67582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67582"
},
{
"name" : "60372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://src.chromium.org/viewvc/blink?revision=171373&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=171373&view=revision"
},
{
"name": "67582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67582"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=360448",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=360448"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html"
},
{
"name": "60372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60372"
},
{
"name": "http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/",
"refsource": "MISC",
"url": "http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23232",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23232"
},
{
"name" : "https://plugins.trac.wordpress.org/changeset?new=986500",
"refsource" : "CONFIRM",
"url" : "https://plugins.trac.wordpress.org/changeset?new=986500"
},
{
"name" : "70204",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70204"
},
{
"name" : "61649",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61649"
},
{
"name" : "wp-photogallery-cve20146315-xss(96799)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70204"
},
{
"name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
},
{
"name": "wp-photogallery-cve20146315-xss(96799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
},
{
"name": "https://www.htbridge.com/advisory/HTB23232",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23232"
},
{
"name": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
},
{
"name": "https://plugins.trac.wordpress.org/changeset?new=986500",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset?new=986500"
},
{
"name": "61649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61649"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Global Free Remote Code Execution in Excel Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-083",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Global Free Remote Code Execution in Excel Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"
}
]
}
}
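Review bot: The `ASSIGNER` value in `CVE_data_meta` appears to change from `cve@mitre.org` to `secure@microsoft.com` in this section, and it is the only content change among lines that otherwise differ just in colon spacing and indentation (old and new sides are inferred from the spacing style, since the rendered page lost its +/- markers). Who is recorded as the assigner is provenance data that downstream consumers may key on, so I would split the whitespace normalization from the attribution update, or at least name it in the commit description, e.g. `Update ASSIGNER on records assigned by other CNAs`. The sections for CVE-2014-6754, CVE-2014-6763, CVE-2014-6865, CVE-2014-7070, CVE-2014-7456, CVE-2014-7475 and CVE-2014-7721 show the same pattern with `cert@cert.org`. Comparing parsed JSON rather than lines when reviewing these sync commits would surface such changes instead of burying them in formatting noise.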


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Vector Outage Manager (aka nz.co.vector.outagemanager) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#159481",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/159481"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Vector Outage Manager (aka nz.co.vector.outagemanager) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#159481",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/159481"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6763",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Codename Birdgame (aka com.devsecondfictioncom.devsecondfictioncom.birdadhoc) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#590065",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/590065"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Codename Birdgame (aka com.devsecondfictioncom.devsecondfictioncom.birdadhoc) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#590065",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/590065"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Jamal Bates Show (aka com.conduit.app_3a95e13827c54c4da9056fafb33ecc8d.app) application 1.3.14.254 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#518257",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/518257"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Jamal Bates Show (aka com.conduit.app_3a95e13827c54c4da9056fafb33ecc8d.app) application 1.3.14.254 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#518257",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/518257"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#301249",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/301249"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#301249",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/301249"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Digit Magazine (aka com.magzter.digitmagazine) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#415737",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/415737"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Digit Magazine (aka com.magzter.digitmagazine) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#415737",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/415737"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#975417",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/975417"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#975417",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/975417"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The President Clicker (aka com.flexymind.pclicker) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#949633",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/949633"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The President Clicker (aka com.flexymind.pclicker) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#949633",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/949633"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534563/100/0/threaded"
},
{
"name" : "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/107"
},
{
"name" : "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities"
},
{
"name" : "FreeBSD-SA-15:02",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc"
},
{
"name" : "72342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72342"
},
{
"name" : "1031648",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031648"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534563/100/0/threaded"
},
{
"name": "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/107"
},
{
"name": "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities"
},
{
"name": "FreeBSD-SA-15:02",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc"
},
{
"name": "72342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72342"
},
{
"name": "1031648",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031648"
}
]
}
}


@ -1,252 +1,252 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8638",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-8638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2015-0046.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2015-0046.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2015-0047.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2015-0047.html"
},
{
"name" : "DSA-3127",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3127"
},
{
"name" : "DSA-3132",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3132"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "RHSA-2015:0046",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
},
{
"name" : "RHSA-2015:0047",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
},
{
"name" : "openSUSE-SU-2015:0133",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
},
{
"name" : "openSUSE-SU-2015:0077",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
},
{
"name" : "openSUSE-SU-2015:0192",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
},
{
"name" : "SUSE-SU-2015:0171",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
},
{
"name" : "SUSE-SU-2015:0173",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
},
{
"name" : "SUSE-SU-2015:0180",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
},
{
"name" : "openSUSE-SU-2015:1266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name" : "USN-2460-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2460-1"
},
{
"name" : "72047",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72047"
},
{
"name" : "1031533",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031533"
},
{
"name" : "1031534",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031534"
},
{
"name" : "62237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62237"
},
{
"name" : "62242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62242"
},
{
"name" : "62250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62250"
},
{
"name" : "62446",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62446"
},
{
"name" : "62657",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62657"
},
{
"name" : "62790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62790"
},
{
"name" : "62253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62253"
},
{
"name" : "62273",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62273"
},
{
"name" : "62274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62274"
},
{
"name" : "62293",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62293"
},
{
"name" : "62304",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62304"
},
{
"name" : "62313",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62313"
},
{
"name" : "62315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62315"
},
{
"name" : "62316",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62316"
},
{
"name" : "62259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62259"
},
{
"name" : "62283",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62283"
},
{
"name" : "62418",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62418"
},
{
"name" : "firefox-cve20148638-csrf(99958)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0046",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
},
{
"name": "62242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62242"
},
{
"name": "1031533",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031533"
},
{
"name": "USN-2460-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2460-1"
},
{
"name": "72047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72047"
},
{
"name": "openSUSE-SU-2015:0192",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
},
{
"name": "62304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62304"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-0047.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
},
{
"name": "62259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62259"
},
{
"name": "62250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62250"
},
{
"name": "SUSE-SU-2015:0173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
},
{
"name": "62237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62237"
},
{
"name": "openSUSE-SU-2015:0077",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
},
{
"name": "62418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62418"
},
{
"name": "SUSE-SU-2015:0171",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
},
{
"name": "62316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62316"
},
{
"name": "DSA-3132",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3132"
},
{
"name": "62274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62274"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "62313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62313"
},
{
"name": "RHSA-2015:0047",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
},
{
"name": "62790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62790"
},
{
"name": "62293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62293"
},
{
"name": "62283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62283"
},
{
"name": "firefox-cve20148638-csrf(99958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
},
{
"name": "62446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62446"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "62657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62657"
},
{
"name": "62273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62273"
},
{
"name": "openSUSE-SU-2015:0133",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "DSA-3127",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3127"
},
{
"name": "SUSE-SU-2015:0180",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
},
{
"name": "62315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62315"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-0046.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
},
{
"name": "62253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62253"
},
{
"name": "1031534",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031534"
}
]
}
}
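Review bot: The new `"ASSIGNER": "security@mozilla.org",` line replaces `cve@mitre.org` for CVE-2014-8638, but the rest of the section is colon-spacing changes and the commit message says only "-Synchronized-Data.", so the one semantic edit is easy to miss. Anything downstream that attributes records to a CNA by this field would presumably see the record change owner with no explanation; the commit message should name the assigner correction, or the correction should land separately from the reformat. The 39 `reference_data` entries also appear to be the same set re-emitted in a different order (the old side was grouped by `refsource`), which inflates the diff and makes a real reference change hard to spot; emitting them in a stable order, for example sorted by `refsource` then `name`, would keep later syncs reviewable. The same two points apply to the CVE-2016-2812 and CVE-2016-2814 sections (also moved to `security@mozilla.org`) and to CVE-2016-2914 (moved to `psirt@us.ibm.com`).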


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-42.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-42.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1261776",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1261776"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "openSUSE-SU-2016:1211",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html"
},
{
"name" : "openSUSE-SU-2016:1251",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html"
},
{
"name" : "USN-2936-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-1"
},
{
"name" : "USN-2936-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-2"
},
{
"name" : "USN-2936-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-3"
},
{
"name" : "1035692",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035692"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1211",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html"
},
{
"name": "1035692",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035692"
},
{
"name": "openSUSE-SU-2016:1251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html"
},
{
"name": "USN-2936-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-2"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261776",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261776"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-42.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-42.html"
},
{
"name": "USN-2936-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-1"
},
{
"name": "USN-2936-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-3"
}
]
}
}


@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2814",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-44.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-44.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1254721",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1254721"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3559",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3559"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "RHSA-2016:0695",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0695.html"
},
{
"name" : "openSUSE-SU-2016:1211",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html"
},
{
"name" : "SUSE-SU-2016:1258",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html"
},
{
"name" : "openSUSE-SU-2016:1251",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html"
},
{
"name" : "SUSE-SU-2016:1352",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1374",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html"
},
{
"name" : "USN-2936-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-1"
},
{
"name" : "USN-2936-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-2"
},
{
"name" : "USN-2936-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-3"
},
{
"name" : "1035692",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035692"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1211",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:0695",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0695.html"
},
{
"name": "1035692",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035692"
},
{
"name": "SUSE-SU-2016:1374",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html"
},
{
"name": "openSUSE-SU-2016:1251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html"
},
{
"name": "USN-2936-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-2"
},
{
"name": "SUSE-SU-2016:1352",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-44.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-44.html"
},
{
"name": "DSA-3559",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3559"
},
{
"name": "USN-2936-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-1"
},
{
"name": "USN-2936-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-3"
},
{
"name": "SUSE-SU-2016:1258",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1254721",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1254721"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2903",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2903",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2905",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2905",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988263",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988263"
},
{
"name" : "92334",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92334"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92334"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988263",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988263"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18339",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18339",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=759111",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=759111"
},
{
"name" : "https://github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e",
"refsource" : "MISC",
"url" : "https://github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e"
},
{
"name" : "https://github.com/GoogleChrome/rendertron/pull/88",
"refsource" : "MISC",
"url" : "https://github.com/GoogleChrome/rendertron/pull/88"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=759111",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=759111"
},
{
"name": "https://github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e",
"refsource": "MISC",
"url": "https://github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e"
},
{
"name": "https://github.com/GoogleChrome/rendertron/pull/88",
"refsource": "MISC",
"url": "https://github.com/GoogleChrome/rendertron/pull/88"
}
]
}
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-1357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Maximo Asset Management",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "7.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "File Manipulation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-1357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006647",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006647"
},
{
"name" : "100214",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100214"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006647",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1580",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1580",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5215",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a \"safe file extension\" protection mechanism, leading to remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://navixia.com/storage/app/media/uploaded-files/CVE/cve-2017-521415.txt",
"refsource" : "MISC",
"url" : "https://navixia.com/storage/app/media/uploaded-files/CVE/cve-2017-521415.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a \"safe file extension\" protection mechanism, leading to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://navixia.com/storage/app/media/uploaded-files/CVE/cve-2017-521415.txt",
"refsource": "MISC",
"url": "https://navixia.com/storage/app/media/uploaded-files/CVE/cve-2017-521415.txt"
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-05-25T00:00:00",
"ID" : "CVE-2017-5827",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Aruba ClearPass Policy Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.6.x"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "reflected cross site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-05-25T00:00:00",
"ID": "CVE-2017-5827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "6.6.x"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
},
{
"name" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
"refsource" : "CONFIRM",
"url" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
},
{
"name" : "98722",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98722"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected cross site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
},
{
"name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
},
{
"name": "98722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98722"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"name" : "https://www.revive-adserver.com/security/revive-sa-2017-001/",
"refsource" : "CONFIRM",
"url" : "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name" : "95875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95875"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2017-001/",
"refsource": "CONFIRM",
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95875"
}
]
}
}