admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:02:36 +00:00
parent b3d8ac2265
commit 546f6355de
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4189 additions and 4189 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2006/0xxx/CVE-2006-0465.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://osvdb.org/ref/22/22715-active121.txt",
"refsource" : "MISC",
"url" : "http://osvdb.org/ref/22/22715-active121.txt"
},
{
"name" : "22715",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22715"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22715",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22715"
},
{
"name": "http://osvdb.org/ref/22/22715-active121.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/22/22715-active121.txt"
}
]
}
}

180
2006/3xxx/CVE-2006-3313.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060622 [Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438164/100/0/threaded"
},
{
"name" : "http://www.kil13r.info/sa/xss/smartnetxss.jpg",
"refsource" : "MISC",
"url" : "http://www.kil13r.info/sa/xss/smartnetxss.jpg"
},
{
"name" : "http://www.kil13r.info/sa/Kil13r-SA-20060622-1.txt",
"refsource" : "MISC",
"url" : "http://www.kil13r.info/sa/Kil13r-SA-20060622-1.txt"
},
{
"name" : "18600",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18600"
},
{
"name" : "1016367",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016367"
},
{
"name" : "1168",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1168"
},
{
"name" : "smartnet-search-xss(27411)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kil13r.info/sa/xss/smartnetxss.jpg",
"refsource": "MISC",
"url": "http://www.kil13r.info/sa/xss/smartnetxss.jpg"
},
{
"name": "http://www.kil13r.info/sa/Kil13r-SA-20060622-1.txt",
"refsource": "MISC",
"url": "http://www.kil13r.info/sa/Kil13r-SA-20060622-1.txt"
},
{
"name": "1016367",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016367"
},
{
"name": "18600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18600"
},
{
"name": "smartnet-search-xss(27411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27411"
},
{
"name": "20060622 [Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438164/100/0/threaded"
},
{
"name": "1168",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1168"
}
]
}
}

180
2006/3xxx/CVE-2006-3782.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "102512",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102512-1"
},
{
"name" : "19080",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19080"
},
{
"name" : "ADV-2006-2886",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2886"
},
{
"name" : "oval:org.mitre.oval:def:2223",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2223"
},
{
"name" : "1016540",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016540"
},
{
"name" : "21133",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21133"
},
{
"name" : "solaris-kmdb-dos(27844)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27844"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102512",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102512-1"
},
{
"name": "solaris-kmdb-dos(27844)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27844"
},
{
"name": "ADV-2006-2886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2886"
},
{
"name": "1016540",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016540"
},
{
"name": "oval:org.mitre.oval:def:2223",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2223"
},
{
"name": "21133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21133"
},
{
"name": "19080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19080"
}
]
}
}

200
2006/3xxx/CVE-2006-3853.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060814 Informix - Discovery, Attack and Defense",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
},
{
"name" : "20060814 Informix Long Username Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443149/100/0/threaded"
},
{
"name" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
"refsource" : "MISC",
"url" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
},
{
"name" : "19264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19264"
},
{
"name" : "ADV-2006-3077",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3077"
},
{
"name" : "27685",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27685"
},
{
"name" : "21301",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21301"
},
{
"name" : "informix-username-bo(28122)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28122"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
},
{
"name": "20060814 Informix Long Username Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443149/100/0/threaded"
},
{
"name": "20060814 Informix - Discovery, Attack and Defense",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
},
{
"name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
"refsource": "MISC",
"url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
},
{
"name": "27685",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27685"
},
{
"name": "21301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21301"
},
{
"name": "19264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19264"
},
{
"name": "informix-username-bo(28122)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28122"
},
{
"name": "ADV-2006-3077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3077"
}
]
}
}

150
2006/4xxx/CVE-2006-4138.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060812 Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443034/100/0/threaded"
},
{
"name" : "20060812 Re: Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443039/100/0/threaded"
},
{
"name" : "19490",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19490"
},
{
"name" : "1382",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1382"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1382"
},
{
"name": "19490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19490"
},
{
"name": "20060812 Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443034/100/0/threaded"
},
{
"name": "20060812 Re: Microsoft Help (WINHLP32.EXE) - Multiple Remote Code Execution and Denial Of Service Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443039/100/0/threaded"
}
]
}
}

220
2006/4xxx/CVE-2006-4406.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://labs.musecurity.com/advisories/MU-200611-01.txt",
"refsource" : "MISC",
"url" : "http://labs.musecurity.com/advisories/MU-200611-01.txt"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=304829",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name" : "APPLE-SA-2006-11-28",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name" : "TA06-333A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name" : "VU#870960",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/870960"
},
{
"name" : "21335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21335"
},
{
"name" : "ADV-2006-4750",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name" : "30732",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30732"
},
{
"name" : "1017305",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017305"
},
{
"name" : "23155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23155"
},
{
"name" : "macos-ppp-bo(30627)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30627"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "VU#870960",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/870960"
},
{
"name": "1017305",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017305"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200611-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200611-01.txt"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "macos-ppp-bo(30627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30627"
},
{
"name": "30732",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30732"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
]
}
}

160
2006/4xxx/CVE-2006-4722.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4722",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php and possibly (2) collector.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060910 Open Bulletin Board <= 1.0.8 (root_path) File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445743/100/0/threaded"
},
{
"name" : "19937",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19937"
},
{
"name" : "ADV-2006-3546",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3546"
},
{
"name" : "1552",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1552"
},
{
"name" : "openbb-index-file-include(28838)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28838"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php and possibly (2) collector.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19937"
},
{
"name": "ADV-2006-3546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3546"
},
{
"name": "openbb-index-file-include(28838)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28838"
},
{
"name": "20060910 Open Bulletin Board <= 1.0.8 (root_path) File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445743/100/0/threaded"
},
{
"name": "1552",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1552"
}
]
}
}

130
2006/4xxx/CVE-2006-4772.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060911 HotPlug CMS Config File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445761/100/0/threaded"
},
{
"name" : "1572",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1572",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1572"
},
{
"name": "20060911 HotPlug CMS Config File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445761/100/0/threaded"
}
]
}
}

240
2006/6xxx/CVE-2006-6811.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070109 [KDE Security Advisory] ksirc Denial of Service vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/456379/100/0/threaded"
},
{
"name" : "3023",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3023"
},
{
"name" : "http://www.addict3d.org/index.php?page=viewarticle&trace=0&type=security&ID=8468",
"refsource" : "MISC",
"url" : "http://www.addict3d.org/index.php?page=viewarticle&trace=0&type=security&ID=8468"
},
{
"name" : "http://www.kde.org/info/security/advisory-20070109-1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kde.org/info/security/advisory-20070109-1.txt"
},
{
"name" : "https://issues.rpath.com/browse/RPL-922",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-922"
},
{
"name" : "GLSA-200701-26",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200701-26.xml"
},
{
"name" : "MDKSA-2007:009",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:009"
},
{
"name" : "USN-409-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-409-1"
},
{
"name" : "21790",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21790"
},
{
"name" : "ADV-2006-5199",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5199"
},
{
"name" : "33443",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33443"
},
{
"name" : "1017453",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017453"
},
{
"name" : "ksirc-privmsg-bo(31134)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31134"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-409-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-409-1"
},
{
"name": "https://issues.rpath.com/browse/RPL-922",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-922"
},
{
"name": "3023",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3023"
},
{
"name": "ADV-2006-5199",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5199"
},
{
"name": "20070109 [KDE Security Advisory] ksirc Denial of Service vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456379/100/0/threaded"
},
{
"name": "21790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21790"
},
{
"name": "MDKSA-2007:009",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:009"
},
{
"name": "http://www.kde.org/info/security/advisory-20070109-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20070109-1.txt"
},
{
"name": "ksirc-privmsg-bo(31134)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31134"
},
{
"name": "33443",
"refsource": "OSVDB",
"url": "http://osvdb.org/33443"
},
{
"name": "1017453",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017453"
},
{
"name": "http://www.addict3d.org/index.php?page=viewarticle&trace=0&type=security&ID=8468",
"refsource": "MISC",
"url": "http://www.addict3d.org/index.php?page=viewarticle&trace=0&type=security&ID=8468"
},
{
"name": "GLSA-200701-26",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200701-26.xml"
}
]
}
}

170
2006/6xxx/CVE-2006-6855.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=8473",
"refsource" : "MISC",
"url" : "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=8473"
},
{
"name" : "3034",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3034"
},
{
"name" : "21816",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21816"
},
{
"name" : "1017455",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017455"
},
{
"name" : "23569",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23569"
},
{
"name" : "aidex-http-request-dos(31153)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31153"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23569"
},
{
"name": "3034",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3034"
},
{
"name": "aidex-http-request-dos(31153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31153"
},
{
"name": "21816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21816"
},
{
"name": "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=8473",
"refsource": "MISC",
"url": "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=8473"
},
{
"name": "1017455",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017455"
}
]
}
}

120
2006/6xxx/CVE-2006-6983.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html"
}
]
}
}

130
2006/7xxx/CVE-2006-7185.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2766",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2766"
},
{
"name" : "cmsmelborp-user-file-include(30192)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30192"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cmsmelborp-user-file-include(30192)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30192"
},
{
"name": "2766",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2766"
}
]
}
}

120
2010/2xxx/CVE-2010-2082.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100524 Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100524 Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html"
}
]
}
}

160
2010/2xxx/CVE-2010-2695.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100705 Xlight FTPd Multiple Directory Traversal in SFTP",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512192/100/0/threaded"
},
{
"name" : "http://www.xlightftpd.com/whatsnew.htm",
"refsource" : "CONFIRM",
"url" : "http://www.xlightftpd.com/whatsnew.htm"
},
{
"name" : "66037",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66037"
},
{
"name" : "40473",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40473"
},
{
"name" : "xlight-sftp-directory-traversal(60151)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60151"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100705 Xlight FTPd Multiple Directory Traversal in SFTP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512192/100/0/threaded"
},
{
"name": "http://www.xlightftpd.com/whatsnew.htm",
"refsource": "CONFIRM",
"url": "http://www.xlightftpd.com/whatsnew.htm"
},
{
"name": "xlight-sftp-directory-traversal(60151)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60151"
},
{
"name": "66037",
"refsource": "OSVDB",
"url": "http://osvdb.org/66037"
},
{
"name": "40473",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40473"
}
]
}
}

190
2011/0xxx/CVE-2011-0031.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0031",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka \"Scripting Engines Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-009",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-009"
},
{
"name" : "46139",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46139"
},
{
"name" : "70827",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70827"
},
{
"name" : "oval:org.mitre.oval:def:12313",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12313"
},
{
"name" : "1025044",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025044"
},
{
"name" : "43249",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43249"
},
{
"name" : "ADV-2011-0322",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0322"
},
{
"name" : "ms-win-jscript-info-disclosure(64919)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64919"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka \"Scripting Engines Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-009"
},
{
"name": "46139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46139"
},
{
"name": "ms-win-jscript-info-disclosure(64919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64919"
},
{
"name": "1025044",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025044"
},
{
"name": "43249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43249"
},
{
"name": "70827",
"refsource": "OSVDB",
"url": "http://osvdb.org/70827"
},
{
"name": "ADV-2011-0322",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0322"
},
{
"name": "oval:org.mitre.oval:def:12313",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12313"
}
]
}
}

280
2011/0xxx/CVE-2011-0530.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110128 CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/28/3"
},
{
"name" : "[oss-security] 20110131 Re: CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/31/7"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=673562",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=673562"
},
{
"name" : "https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8",
"refsource" : "CONFIRM",
"url" : "https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8"
},
{
"name" : "DSA-2183",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2183"
},
{
"name" : "FEDORA-2011-1097",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054071.html"
},
{
"name" : "FEDORA-2011-1108",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054083.html"
},
{
"name" : "GLSA-201206-35",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201206-35.xml"
},
{
"name" : "openSUSE-SU-2011:0193",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/8086846"
},
{
"name" : "SUSE-SR:2011:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name" : "46572",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46572"
},
{
"name" : "43353",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43353"
},
{
"name" : "43610",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43610"
},
{
"name" : "ADV-2011-0403",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0403"
},
{
"name" : "ADV-2011-0582",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0582"
},
{
"name" : "networkblock-nbdserver-bo(65720)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65720"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201206-35",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-35.xml"
},
{
"name": "https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8",
"refsource": "CONFIRM",
"url": "https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8"
},
{
"name": "43610",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43610"
},
{
"name": "FEDORA-2011-1097",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054071.html"
},
{
"name": "ADV-2011-0403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0403"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=673562",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=673562"
},
{
"name": "[oss-security] 20110128 CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/28/3"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "networkblock-nbdserver-bo(65720)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65720"
},
{
"name": "[oss-security] 20110131 Re: CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/31/7"
},
{
"name": "ADV-2011-0582",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0582"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187"
},
{
"name": "FEDORA-2011-1108",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054083.html"
},
{
"name": "46572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46572"
},
{
"name": "openSUSE-SU-2011:0193",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/8086846"
},
{
"name": "DSA-2183",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2183"
},
{
"name": "43353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43353"
}
]
}
}

150
2011/0xxx/CVE-2011-0552.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or (3) menuitem parameter to IMManager/Admin/IMAdminTOC_simple.asp, or the (4) action parameter to IMManager/Admin/IMAdminEdituser.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00"
},
{
"name" : "49739",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49739"
},
{
"name" : "1026130",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1026130"
},
{
"name" : "43157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or (3) menuitem parameter to IMManager/Admin/IMAdminTOC_simple.asp, or the (4) action parameter to IMManager/Admin/IMAdminEdituser.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49739"
},
{
"name": "1026130",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026130"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00"
},
{
"name": "43157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43157"
}
]
}
}

200
2011/0xxx/CVE-2011-0751.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110315 [RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517026/100/0/threaded"
},
{
"name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2011-001",
"refsource" : "MISC",
"url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2011-001"
},
{
"name" : "http://www.nazgul.ch/dev_nostromo.html",
"refsource" : "CONFIRM",
"url" : "http://www.nazgul.ch/dev_nostromo.html"
},
{
"name" : "46880",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46880"
},
{
"name" : "71235",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71235"
},
{
"name" : "43775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43775"
},
{
"name" : "8140",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8140"
},
{
"name" : "ADV-2011-0674",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0674"
},
{
"name" : "nostromo-http-command-execution(66103)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66103"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2011-001",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2011-001"
},
{
"name": "nostromo-http-command-execution(66103)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66103"
},
{
"name": "http://www.nazgul.ch/dev_nostromo.html",
"refsource": "CONFIRM",
"url": "http://www.nazgul.ch/dev_nostromo.html"
},
{
"name": "46880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46880"
},
{
"name": "20110315 [RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517026/100/0/threaded"
},
{
"name": "ADV-2011-0674",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0674"
},
{
"name": "71235",
"refsource": "OSVDB",
"url": "http://osvdb.org/71235"
},
{
"name": "43775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43775"
},
{
"name": "8140",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8140"
}
]
}
}

150
2011/1xxx/CVE-2011-1456.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"stale pointers.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=79364",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=79364"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"name" : "oval:org.mitre.oval:def:14356",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14356"
},
{
"name" : "chrome-pdf-forms-code-exec(67162)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67162"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to \"stale pointers.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14356",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14356"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"name": "chrome-pdf-forms-code-exec(67162)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67162"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=79364",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=79364"
}
]
}
}

190
2011/1xxx/CVE-2011-1532.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1532",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SNMP component on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to obtain sensitive information or modify data via vectors related to the Embedded Web Server (EWS)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-1532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBPI02656",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130262523515904&w=2"
},
{
"name" : "SSRT090262",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130262523515904&w=2"
},
{
"name" : "47319",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47319"
},
{
"name" : "1025315",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025315"
},
{
"name" : "44143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44143"
},
{
"name" : "8203",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8203"
},
{
"name" : "ADV-2011-0931",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0931"
},
{
"name" : "photosmart-snmp-data-manipulation(66685)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66685"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SNMP component on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to obtain sensitive information or modify data via vectors related to the Embedded Web Server (EWS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8203",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8203"
},
{
"name": "ADV-2011-0931",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0931"
},
{
"name": "44143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44143"
},
{
"name": "photosmart-snmp-data-manipulation(66685)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66685"
},
{
"name": "1025315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025315"
},
{
"name": "HPSBPI02656",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130262523515904&w=2"
},
{
"name": "SSRT090262",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130262523515904&w=2"
},
{
"name": "47319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47319"
}
]
}
}

34
2011/1xxx/CVE-2011-1612.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1612",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1612",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2011/1xxx/CVE-2011-1625.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1625",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a \"narrow timing window,\" aka Bug ID CSCtf74999, a different vulnerability than CVE-2007-0199, CVE-2008-1152, and CVE-2009-0629."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/cable/cmts/release/notes/12_2sc/uBR7200/122_33_SCF/caveats.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/cable/cmts/release/notes/12_2sc/uBR7200/122_33_SCF/caveats.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a \"narrow timing window,\" aka Bug ID CSCtf74999, a different vulnerability than CVE-2007-0199, CVE-2008-1152, and CVE-2009-0629."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/cable/cmts/release/notes/12_2sc/uBR7200/122_33_SCF/caveats.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/cable/cmts/release/notes/12_2sc/uBR7200/122_33_SCF/caveats.html"
}
]
}
}

130
2011/4xxx/CVE-2011-4524.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4524",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf"
},
{
"name" : "52051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52051"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf"
},
{
"name": "52051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52051"
}
]
}
}

120
2011/4xxx/CVE-2011-4723.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4723",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://en.securitylab.ru/lab/PT-2011-30",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/PT-2011-30"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2011-30",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2011-30"
}
]
}
}

160
2011/5xxx/CVE-2011-5208.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5208",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110228 BackWPup Wordpress plugin <= 1.4.0 File content disclosure",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0663.html"
},
{
"name" : "http://wordpress.org/extend/plugins/backwpup/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/extend/plugins/backwpup/changelog/"
},
{
"name" : "71242",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/71242"
},
{
"name" : "71243",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/71243"
},
{
"name" : "43565",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43565"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71242",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71242"
},
{
"name": "http://wordpress.org/extend/plugins/backwpup/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/backwpup/changelog/"
},
{
"name": "20110228 BackWPup Wordpress plugin <= 1.4.0 File content disclosure",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0663.html"
},
{
"name": "43565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43565"
},
{
"name": "71243",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71243"
}
]
}
}

130
2014/2xxx/CVE-2014-2060.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-2060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/02/21/2"
},
{
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14",
"refsource" : "CONFIRM",
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/21/2"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"
}
]
}
}

120
2014/2xxx/CVE-2014-2457.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2457",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.0 and 6.1.0 allows remote attackers to affect integrity via unknown vectors related to Install."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.0 and 6.1.0 allows remote attackers to affect integrity via unknown vectors related to Install."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}

620
2014/3xxx/CVE-2014-3175.json
View File

@ -1,312 +1,312 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=149871",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=149871"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=337572",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=337572"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=350782",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=350782"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=357452",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=357452"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=364062",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=364062"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=366687",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=366687"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=367991",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=367991"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=368978",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=368978"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=372410",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=372410"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=372413",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=372413"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=379656",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=379656"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=381031",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=381031"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=381244",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=381244"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=381521",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=381521"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=382240",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=382240"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=382241",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=382241"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=382242",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=382242"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=382243",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=382243"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=382601",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=382601"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=382606",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=382606"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=382639",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=382639"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=382656",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=382656"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=382820",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=382820"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=383703",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=383703"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=384662",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=384662"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=387016",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=387016"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=387315",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=387315"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=387371",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=387371"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=388771",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=388771"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=389216",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=389216"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=389280",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=389280"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=389285",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=389285"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=389316",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=389316"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=389570",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=389570"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=390176",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=390176"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=390304",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=390304"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=393938",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=393938"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=394026",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=394026"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=395972",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=395972"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=396255",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=396255"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=397258",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=397258"
},
{
"name" : "https://crbug.com/406143",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/406143"
},
{
"name" : "DSA-3039",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3039"
},
{
"name" : "GLSA-201408-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name" : "openSUSE-SU-2014:1151",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html"
},
{
"name" : "69402",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69402"
},
{
"name" : "1030767",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030767"
},
{
"name" : "60424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60424"
},
{
"name" : "60268",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60268"
},
{
"name" : "google-chrome-cve20143175-unspec(95475)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95475"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=389216",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=389216"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=389280",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=389280"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=382242",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=382242"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=393938",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=393938"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=357452",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=357452"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=382243",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=382243"
},
{
"name": "69402",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69402"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=379656",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=379656"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=382240",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=382240"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=387371",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=387371"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=389570",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=389570"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=382639",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=382639"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=396255",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=396255"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=364062",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=364062"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=382656",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=382656"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=384662",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=384662"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=381244",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=381244"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=390176",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=390176"
},
{
"name": "60424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60424"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=372410",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=372410"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=368978",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=368978"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=372413",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=372413"
},
{
"name": "GLSA-201408-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=390304",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=390304"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=389285",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=389285"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=382601",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=382601"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=366687",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=366687"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=383703",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=383703"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=350782",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=350782"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=381031",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=381031"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=382606",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=382606"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=367991",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=367991"
},
{
"name": "openSUSE-SU-2014:1151",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=381521",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=381521"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=389316",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=389316"
},
{
"name": "https://crbug.com/406143",
"refsource": "CONFIRM",
"url": "https://crbug.com/406143"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=149871",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=149871"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=388771",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=388771"
},
{
"name": "60268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60268"
},
{
"name": "google-chrome-cve20143175-unspec(95475)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95475"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=382820",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=382820"
},
{
"name": "1030767",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030767"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=387315",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=387315"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=387016",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=387016"
},
{
"name": "DSA-3039",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3039"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=394026",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=394026"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=382241",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=382241"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=395972",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=395972"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=337572",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=337572"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=397258",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=397258"
}
]
}
}

130
2014/3xxx/CVE-2014-3407.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3407",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542"
},
{
"name" : "20141126 Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36542"
},
{
"name": "20141126 Cisco ASA SSL VPN Memory Blocks Exhaustion Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407"
}
]
}
}

480
2014/3xxx/CVE-2014-3512.json
View File

@ -1,242 +1,242 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"refsource" : "MLIST",
"url" : "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b"
},
{
"name" : "https://www.openssl.org/news/secadv_20140806.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name" : "http://www.tenable.com/security/tns-2014-06",
"refsource" : "CONFIRM",
"url" : "http://www.tenable.com/security/tns-2014-06"
},
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html",
"refsource" : "CONFIRM",
"url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name" : "DSA-2998",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2998"
},
{
"name" : "FreeBSD-SA-14:18",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
},
{
"name" : "GLSA-201412-39",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name" : "HPSBHF03293",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name" : "SSRT101846",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name" : "NetBSD-SA2014-008",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name" : "openSUSE-SU-2014:1052",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name" : "69083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69083"
},
{
"name" : "1030693",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030693"
},
{
"name" : "60810",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60810"
},
{
"name" : "60917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60917"
},
{
"name" : "60921",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60921"
},
{
"name" : "61775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61775"
},
{
"name" : "61959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61959"
},
{
"name" : "59756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59756"
},
{
"name" : "60803",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60803"
},
{
"name" : "61017",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61017"
},
{
"name" : "61100",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61100"
},
{
"name" : "61171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61171"
},
{
"name" : "61184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61184"
},
{
"name" : "59700",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59700"
},
{
"name" : "59710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59710"
},
{
"name" : "60022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60022"
},
{
"name" : "60221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60221"
},
{
"name" : "60493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60493"
},
{
"name" : "openssl-cve20143512-dos(95158)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name": "60221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60221"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name": "61184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61184"
},
{
"name": "SSRT101846",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name": "60022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60022"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html"
},
{
"name": "https://www.openssl.org/news/secadv_20140806.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name": "61017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61017"
},
{
"name": "openssl-cve20143512-dos(95158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95158"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b"
},
{
"name": "GLSA-201412-39",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name": "HPSBHF03293",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name": "60803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60803"
},
{
"name": "59700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59700"
},
{
"name": "1030693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030693"
},
{
"name": "60917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60917"
},
{
"name": "http://www.tenable.com/security/tns-2014-06",
"refsource": "CONFIRM",
"url": "http://www.tenable.com/security/tns-2014-06"
},
{
"name": "NetBSD-SA2014-008",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name": "60493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60493"
},
{
"name": "59710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59710"
},
{
"name": "60921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60921"
},
{
"name": "60810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60810"
},
{
"name": "69083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69083"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name": "61100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61100"
},
{
"name": "FreeBSD-SA-14:18",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
},
{
"name": "61775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61775"
},
{
"name": "DSA-2998",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2998"
},
{
"name": "61959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61959"
},
{
"name": "59756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59756"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name": "61171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61171"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
}
]
}
}

200
2014/3xxx/CVE-2014-3623.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141024 New security advisories released for Apache CXF",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q4/437"
},
{
"name" : "https://issues.apache.org/jira/browse/WSS-511",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/WSS-511"
},
{
"name" : "RHSA-2015:0236",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0236.html"
},
{
"name" : "RHSA-2015:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name" : "RHSA-2015:0850",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name" : "RHSA-2015:0851",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name" : "70736",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70736"
},
{
"name" : "61909",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61909"
},
{
"name" : "apache-cxf-cve20143623-sec-bypass(97754)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97754"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70736"
},
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "[oss-security] 20141024 New security advisories released for Apache CXF",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/437"
},
{
"name": "RHSA-2015:0850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name": "61909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61909"
},
{
"name": "https://issues.apache.org/jira/browse/WSS-511",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/WSS-511"
},
{
"name": "RHSA-2015:0851",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name": "RHSA-2015:0236",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0236.html"
},
{
"name": "apache-cxf-cve20143623-sec-bypass(97754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97754"
}
]
}
}

170
2014/3xxx/CVE-2014-3871.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3871",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "33075",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/33075"
},
{
"name" : "http://geodesicsolutions.com/changelog/7.3/changelog.html",
"refsource" : "MISC",
"url" : "http://geodesicsolutions.com/changelog/7.3/changelog.html"
},
{
"name" : "http://packetstormsecurity.com/files/126329/GeoCore-MAX-DB-7.3.3-Blind-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126329/GeoCore-MAX-DB-7.3.3-Blind-SQL-Injection.html"
},
{
"name" : "67078",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67078"
},
{
"name" : "106364",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/106364"
},
{
"name" : "58308",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106364",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/106364"
},
{
"name": "http://geodesicsolutions.com/changelog/7.3/changelog.html",
"refsource": "MISC",
"url": "http://geodesicsolutions.com/changelog/7.3/changelog.html"
},
{
"name": "67078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67078"
},
{
"name": "58308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58308"
},
{
"name": "http://packetstormsecurity.com/files/126329/GeoCore-MAX-DB-7.3.3-Blind-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126329/GeoCore-MAX-DB-7.3.3-Blind-SQL-Injection.html"
},
{
"name": "33075",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33075"
}
]
}
}

150
2014/6xxx/CVE-2014-6497.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6497",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70557",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70557"
},
{
"name" : "1031032",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031032"
},
{
"name" : "61593",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61593"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70557"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "1031032",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031032"
},
{
"name": "61593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61593"
}
]
}
}

130
2014/6xxx/CVE-2014-6521.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "1031583",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031583"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031583",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031583"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
}
]
}
}

160
2014/6xxx/CVE-2014-6617.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141105 CVE-2014-6617 Softing FG-100 Backdoor Account",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533902/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html"
},
{
"name" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt",
"refsource" : "MISC",
"url" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt"
},
{
"name" : "70927",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70927"
},
{
"name" : "fg100pb-cve20146617-default-account(98512)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98512"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70927"
},
{
"name": "fg100pb-cve20146617-default-account(98512)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98512"
},
{
"name": "20141105 CVE-2014-6617 Softing FG-100 Backdoor Account",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533902/100/0/threaded"
},
{
"name": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt",
"refsource": "MISC",
"url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt"
},
{
"name": "http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html"
}
]
}
}

140
2014/6xxx/CVE-2014-6900.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6900",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) application 6.1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#363289",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/363289"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) application 6.1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#363289",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/363289"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

210
2014/7xxx/CVE-2014-7191.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685987",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685987"
},
{
"name" : "https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8",
"refsource" : "CONFIRM",
"url" : "https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8"
},
{
"name" : "https://github.com/visionmedia/node-querystring/issues/104",
"refsource" : "CONFIRM",
"url" : "https://github.com/visionmedia/node-querystring/issues/104"
},
{
"name" : "https://nodesecurity.io/advisories/qs_dos_memory_exhaustion",
"refsource" : "CONFIRM",
"url" : "https://nodesecurity.io/advisories/qs_dos_memory_exhaustion"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687928",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687928"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687263",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687263"
},
{
"name" : "RHSA-2016:1380",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1380"
},
{
"name" : "60026",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60026"
},
{
"name" : "62170",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62170"
},
{
"name" : "nodejs-cve20147191-dos(96729)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60026"
},
{
"name": "62170",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62170"
},
{
"name": "https://github.com/visionmedia/node-querystring/issues/104",
"refsource": "CONFIRM",
"url": "https://github.com/visionmedia/node-querystring/issues/104"
},
{
"name": "https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8",
"refsource": "CONFIRM",
"url": "https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8"
},
{
"name": "RHSA-2016:1380",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1380"
},
{
"name": "https://nodesecurity.io/advisories/qs_dos_memory_exhaustion",
"refsource": "CONFIRM",
"url": "https://nodesecurity.io/advisories/qs_dos_memory_exhaustion"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21687928",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687928"
},
{
"name": "nodejs-cve20147191-dos(96729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96729"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685987",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685987"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21687263",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687263"
}
]
}
}

140
2014/7xxx/CVE-2014-7741.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7741",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Healing Bookstore (aka com.wHealingBookstore) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#563137",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/563137"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Healing Bookstore (aka com.wHealingBookstore) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#563137",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/563137"
}
]
}
}

34
2014/7xxx/CVE-2014-7949.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7949",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7949",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2016/2xxx/CVE-2016-2480.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532721."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-06-01.html"
},
{
"name" : "https://android.googlesource.com/platform/hardware/qcom/media/+/560ccdb509a7b86186fac0fce1b25bd9a3e6a6e8",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/hardware/qcom/media/+/560ccdb509a7b86186fac0fce1b25bd9a3e6a6e8"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532721."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-06-01.html"
},
{
"name": "https://android.googlesource.com/platform/hardware/qcom/media/+/560ccdb509a7b86186fac0fce1b25bd9a3e6a6e8",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/hardware/qcom/media/+/560ccdb509a7b86186fac0fce1b25bd9a3e6a6e8"
}
]
}
}

34
2016/2xxx/CVE-2016-2578.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2578",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2578",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

120
2017/18xxx/CVE-2017-18124.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-18124",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Out-of-range Pointer Offset in Core"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-18124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Out-of-range Pointer Offset in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

176
2017/1xxx/CVE-2017-1326.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "5.2"
},
{
"version_value" : "5.2.1"
},
{
"version_value" : "5.2.2"
},
{
"version_value" : "5.2.3"
},
{
"version_value" : "5.2.4"
},
{
"version_value" : "5.2.5"
},
{
"version_value" : "5.2.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "5.2"
},
{
"version_value": "5.2.1"
},
{
"version_value": "5.2.2"
},
{
"version_value": "5.2.3"
},
{
"version_value": "5.2.4"
},
{
"version_value": "5.2.5"
},
{
"version_value": "5.2.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126060",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126060"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004274",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004274"
},
{
"name" : "99183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99183"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126060",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126060"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004274",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004274"
}
]
}
}

34
2017/1xxx/CVE-2017-1397.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1397",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1397",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/1xxx/CVE-2017-1778.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1778",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1778",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

250
2017/1xxx/CVE-2017-1794.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-17T00:00:00",
"ID" : "CVE-2017-1794",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tivoli Monitoring",
"version" : {
"version_data" : [
{
"version_value" : "6.2.3"
},
{
"version_value" : "6.2.3.1"
},
{
"version_value" : "6.2.3.2"
},
{
"version_value" : "6.3.0"
},
{
"version_value" : "6.2.3.3"
},
{
"version_value" : "6.2.3.4"
},
{
"version_value" : "6.2.3.5"
},
{
"version_value" : "6.3.0.1"
},
{
"version_value" : "6.3.0.2"
},
{
"version_value" : "6.3.0.3"
},
{
"version_value" : "6.3.0.4"
},
{
"version_value" : "6.3.0.5"
},
{
"version_value" : "6.3.0.6"
},
{
"version_value" : "6.3.0.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "H",
"PR" : "L",
"S" : "U",
"SCORE" : "7.500",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-17T00:00:00",
"ID": "CVE-2017-1794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Monitoring",
"version": {
"version_data": [
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.2.3.2"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.2.3.3"
},
{
"version_value": "6.2.3.4"
},
{
"version_value": "6.2.3.5"
},
{
"version_value": "6.3.0.1"
},
{
"version_value": "6.3.0.2"
},
{
"version_value": "6.3.0.3"
},
{
"version_value": "6.3.0.4"
},
{
"version_value": "6.3.0.5"
},
{
"version_value": "6.3.0.6"
},
{
"version_value": "6.3.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=swg22014097",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg22014097"
},
{
"name" : "ibm-tivoli-cve20171794-priv-escalation(137039)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"SCORE": "7.500",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20171794-priv-escalation(137039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22014097",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014097"
}
]
}
}

34
2017/1xxx/CVE-2017-1930.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1930",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1930",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/1xxx/CVE-2017-1986.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1986",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1986",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/5xxx/CVE-2017-5325.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5325",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5325",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/5xxx/CVE-2017-5328.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/72",
"refsource" : "CONFIRM",
"url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/72"
},
{
"name" : "95823",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95823"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95823"
},
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/72",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/72"
}
]
}
}

34
2017/5xxx/CVE-2017-5437.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5437",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10195, CVE-2016-10196, CVE-2016-10197. Reason: This candidate is a duplicate of CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. Notes: All CVE users should reference CVE-2016-10195, CVE-2016-10196, and/or CVE-2016-10197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-5437",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10195, CVE-2016-10196, CVE-2016-10197. Reason: This candidate is a duplicate of CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. Notes: All CVE users should reference CVE-2016-10195, CVE-2016-10196, and/or CVE-2016-10197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

214
2017/5xxx/CVE-2017-5527.json
View File

@ -1,109 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2017-05-09T09:00:00-07",
"ID" : "CVE-2017-5527",
"STATE" : "PUBLIC",
"TITLE" : "TIBCO Spotfire injection vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO Spotfire Server",
"version" : {
"version_data" : [
{
"version_value" : "7.0.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.5.0"
},
{
"version_value" : "7.6.0"
},
{
"version_value" : "7.7.0"
},
{
"version_value" : "7.8.0"
}
]
}
},
{
"product_name" : "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version" : {
"version_data" : [
{
"version_value" : "7.8.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "4.3",
"UI" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL injection attack"
}
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2017-05-09T09:00:00-07",
"ID": "CVE-2017-5527",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire injection vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_value": "7.0.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.6.0"
},
{
"version_value": "7.7.0"
},
{
"version_value": "7.8.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_value": "7.8.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"
},
{
"name" : "98398",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98398"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"SCORE": "4.3",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"
},
{
"name": "98398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98398"
}
]
}
}

160
2017/5xxx/CVE-2017-5594.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41143",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41143/"
},
{
"name" : "https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b",
"refsource" : "MISC",
"url" : "https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b"
},
{
"name" : "https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf",
"refsource" : "MISC",
"url" : "https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf"
},
{
"name" : "https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt",
"refsource" : "MISC",
"url" : "https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt"
},
{
"name" : "95806",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95806"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95806"
},
{
"name": "https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt",
"refsource": "MISC",
"url": "https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt"
},
{
"name": "https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b",
"refsource": "MISC",
"url": "https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b"
},
{
"name": "https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf",
"refsource": "MISC",
"url": "https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf"
},
{
"name": "41143",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41143/"
}
]
}
}

132
2017/5xxx/CVE-2017-5736.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2018-03-19T00:00:00",
"ID" : "CVE-2017-5736",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Software Guard Extensions Platform Software Component",
"version" : {
"version_data" : [
{
"version_value" : "before 1.9.105.4232"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-03-19T00:00:00",
"ID": "CVE-2017-5736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Software Guard Extensions Platform Software Component",
"version": {
"version_data": [
{
"version_value": "before 1.9.105.4232"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00117&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00117&languageid=en-fr"
},
{
"name" : "103482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103482"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00117&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00117&languageid=en-fr"
}
]
}
}