admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:22:46 +00:00
parent dcac1cfd16
commit 5adacb0be8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4795 additions and 4795 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/3xxx/CVE-2006-3122.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with \"corrupt lease uid.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-3122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273"
},
{
"name" : "DSA-1143",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1143"
},
{
"name" : "[3.9] 20060825 006: SECURITY FIX: August 25, 2006",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata.html#dhcpd"
},
{
"name" : "19348",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19348"
},
{
"name" : "ADV-2006-3158",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3158"
},
{
"name" : "1016755",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016755"
},
{
"name" : "21345",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21345"
},
{
"name" : "21363",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21363"
},
{
"name" : "21655",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with \"corrupt lease uid.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273"
},
{
"name": "DSA-1143",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1143"
},
{
"name": "ADV-2006-3158",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3158"
},
{
"name": "21655",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21655"
},
{
"name": "21363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21363"
},
{
"name": "[3.9] 20060825 006: SECURITY FIX: August 25, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html#dhcpd"
},
{
"name": "19348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19348"
},
{
"name": "21345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21345"
},
{
"name": "1016755",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016755"
}
]
}
}

140
2006/3xxx/CVE-2006-3356.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3356",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.security-protocols.com/sp-x31-advisory.php",
"refsource" : "MISC",
"url" : "http://www.security-protocols.com/sp-x31-advisory.php"
},
{
"name" : "ADV-2006-2606",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2606"
},
{
"name" : "macosx-tifffetcharray-dos(27482)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2606"
},
{
"name": "macosx-tifffetcharray-dos(27482)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27482"
},
{
"name": "http://www.security-protocols.com/sp-x31-advisory.php",
"refsource": "MISC",
"url": "http://www.security-protocols.com/sp-x31-advisory.php"
}
]
}
}

130
2006/3xxx/CVE-2006-3557.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3557",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060709 MT Örümcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439611/100/0/threaded"
},
{
"name" : "1235",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1235",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1235"
},
{
"name": "20060709 MT Örümcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439611/100/0/threaded"
}
]
}
}

230
2006/3xxx/CVE-2006-3714.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2.0.2 and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS10."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "TA06-200A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name" : "19054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19054"
},
{
"name" : "ADV-2006-2863",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2863"
},
{
"name" : "ADV-2006-2947",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name" : "1016529",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016529"
},
{
"name" : "21111",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21111"
},
{
"name" : "21165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21165"
},
{
"name" : "oracle-cpu-july-2006(27897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2.0.2 and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016529",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016529"
},
{
"name": "19054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19054"
},
{
"name": "oracle-cpu-july-2006(27897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
},
{
"name": "21165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21165"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "ADV-2006-2947",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "TA06-200A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name": "21111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name": "ADV-2006-2863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2863"
}
]
}
}

130
2006/4xxx/CVE-2006-4119.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "21355",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21355"
},
{
"name" : "geheimchaos-gc-registieren-sql-injection(28221)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28221"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21355"
},
{
"name": "geheimchaos-gc-registieren-sql-injection(28221)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28221"
}
]
}
}

360
2006/4xxx/CVE-2006-4538.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4538",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lkml.org/lkml/2006/9/4/116",
"refsource" : "CONFIRM",
"url" : "http://lkml.org/lkml/2006/9/4/116"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=8833ebaa3f4325820fe3338ccf6fae04f6669254",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=8833ebaa3f4325820fe3338ccf6fae04f6669254"
},
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.11",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.11"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm"
},
{
"name" : "DSA-1233",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-1233"
},
{
"name" : "DSA-1237",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-1237"
},
{
"name" : "MDKSA-2007:060",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060"
},
{
"name" : "RHSA-2007:0014",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2007-0014.html"
},
{
"name" : "RHSA-2007:1049",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-1049.html"
},
{
"name" : "RHSA-2008:0787",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0787.html"
},
{
"name" : "SUSE-SA:2006:079",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html"
},
{
"name" : "USN-347-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-347-1"
},
{
"name" : "19702",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19702"
},
{
"name" : "oval:org.mitre.oval:def:10301",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10301"
},
{
"name" : "ADV-2006-3670",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3670"
},
{
"name" : "21999",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21999"
},
{
"name" : "21967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21967"
},
{
"name" : "23370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23370"
},
{
"name" : "23395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23395"
},
{
"name" : "23997",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23997"
},
{
"name" : "24206",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24206"
},
{
"name" : "24482",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24482"
},
{
"name" : "23474",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23474"
},
{
"name" : "27913",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27913"
},
{
"name" : "33280",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33280"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2006:079",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html"
},
{
"name": "oval:org.mitre.oval:def:10301",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10301"
},
{
"name": "RHSA-2007:1049",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1049.html"
},
{
"name": "27913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27913"
},
{
"name": "RHSA-2007:0014",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0014.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.11",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.11"
},
{
"name": "DSA-1237",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1237"
},
{
"name": "33280",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33280"
},
{
"name": "24206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24206"
},
{
"name": "23474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23474"
},
{
"name": "21967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21967"
},
{
"name": "USN-347-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-347-1"
},
{
"name": "ADV-2006-3670",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3670"
},
{
"name": "DSA-1233",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1233"
},
{
"name": "23370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23370"
},
{
"name": "21999",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21999"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=8833ebaa3f4325820fe3338ccf6fae04f6669254",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=8833ebaa3f4325820fe3338ccf6fae04f6669254"
},
{
"name": "23997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23997"
},
{
"name": "24482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24482"
},
{
"name": "http://lkml.org/lkml/2006/9/4/116",
"refsource": "CONFIRM",
"url": "http://lkml.org/lkml/2006/9/4/116"
},
{
"name": "19702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19702"
},
{
"name": "RHSA-2008:0787",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0787.html"
},
{
"name": "23395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23395"
},
{
"name": "MDKSA-2007:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060"
}
]
}
}

160
2006/4xxx/CVE-2006-4784.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2",
"refsource" : "CONFIRM",
"url" : "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2"
},
{
"name" : "19995",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19995"
},
{
"name" : "ADV-2006-3591",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3591"
},
{
"name" : "21899",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21899"
},
{
"name" : "moodle-index-xss(28905)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28905"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2",
"refsource": "CONFIRM",
"url": "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2"
},
{
"name": "19995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19995"
},
{
"name": "21899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21899"
},
{
"name": "moodle-index-xss(28905)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28905"
},
{
"name": "ADV-2006-3591",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3591"
}
]
}
}

34
2006/4xxx/CVE-2006-4929.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4929",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4929",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2006/4xxx/CVE-2006-4967.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060915 NextAge Cart Cross-Site Scripting multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446412/100/0/threaded"
},
{
"name" : "20040",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20040"
},
{
"name" : "ADV-2006-3709",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3709"
},
{
"name" : "1016888",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016888"
},
{
"name" : "22030",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22030"
},
{
"name" : "1625",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060915 NextAge Cart Cross-Site Scripting multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446412/100/0/threaded"
},
{
"name": "22030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22030"
},
{
"name": "20040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20040"
},
{
"name": "1016888",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016888"
},
{
"name": "1625",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1625"
},
{
"name": "ADV-2006-3709",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3709"
}
]
}
}

130
2006/6xxx/CVE-2006-6192.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-4742",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4742"
},
{
"name" : "23098",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4742",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4742"
},
{
"name": "23098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23098"
}
]
}
}

240
2006/6xxx/CVE-2006-6288.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071227 Re: Re: Re: TotalPlayer 3.0 .m3u crash",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485578/100/100/threaded"
},
{
"name" : "20071227 Re: Re: TotalPlayer 3.0 .m3u crash",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485564/100/100/threaded"
},
{
"name" : "20071227 Re: TotalPlayer 3.0 .m3u crash",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485547/100/100/threaded"
},
{
"name" : "20061213 Coolplayer buffer overflow vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051269.html"
},
{
"name" : "4839",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4839"
},
{
"name" : "http://coolplayer.cvs.sourceforge.net/coolplayer/Main/stdafx.h?view=log",
"refsource" : "CONFIRM",
"url" : "http://coolplayer.cvs.sourceforge.net/coolplayer/Main/stdafx.h?view=log"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=31900&release_id=467783",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=31900&release_id=467783"
},
{
"name" : "21396",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21396"
},
{
"name" : "ADV-2006-4806",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4806"
},
{
"name" : "23360",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23360"
},
{
"name" : "coolplayer-unspecified-bo(30658)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30658"
},
{
"name" : "coolplayer-mainskincheck-bo(30861)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30861"
},
{
"name" : "coolplayer-mainskinopen-bo(30863)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30863"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coolplayer-mainskinopen-bo(30863)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30863"
},
{
"name": "23360",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23360"
},
{
"name": "http://coolplayer.cvs.sourceforge.net/coolplayer/Main/stdafx.h?view=log",
"refsource": "CONFIRM",
"url": "http://coolplayer.cvs.sourceforge.net/coolplayer/Main/stdafx.h?view=log"
},
{
"name": "20061213 Coolplayer buffer overflow vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051269.html"
},
{
"name": "ADV-2006-4806",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4806"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=31900&release_id=467783",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=31900&release_id=467783"
},
{
"name": "20071227 Re: TotalPlayer 3.0 .m3u crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485547/100/100/threaded"
},
{
"name": "4839",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4839"
},
{
"name": "20071227 Re: Re: TotalPlayer 3.0 .m3u crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485564/100/100/threaded"
},
{
"name": "coolplayer-mainskincheck-bo(30861)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30861"
},
{
"name": "20071227 Re: Re: Re: TotalPlayer 3.0 .m3u crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485578/100/100/threaded"
},
{
"name": "21396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21396"
},
{
"name": "coolplayer-unspecified-bo(30658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30658"
}
]
}
}

130
2006/6xxx/CVE-2006-6515.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=469627",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name" : "http://www.mantisbugtracker.com/changelog.php",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbugtracker.com/changelog.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=469627",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "http://www.mantisbugtracker.com/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbugtracker.com/changelog.php"
}
]
}
}

130
2006/6xxx/CVE-2006-6551.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6551",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2896",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2896"
},
{
"name" : "tucows-domainutils-file-include(30789)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30789"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2896",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2896"
},
{
"name": "tucows-domainutils-file-include(30789)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30789"
}
]
}
}

150
2006/7xxx/CVE-2006-7193.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061023 Smarty-2.6.1 Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=116163668213491&w=2"
},
{
"name" : "20061024 Re: Smarty-2.6.1 Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=116170769322920&w=2"
},
{
"name" : "31096",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/31096"
},
{
"name" : "smarty-test-file-include(29739)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29739"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061023 Smarty-2.6.1 Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=116163668213491&w=2"
},
{
"name": "31096",
"refsource": "OSVDB",
"url": "http://osvdb.org/31096"
},
{
"name": "20061024 Re: Smarty-2.6.1 Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=116170769322920&w=2"
},
{
"name": "smarty-test-file-include(29739)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29739"
}
]
}
}

120
2010/2xxx/CVE-2010-2261.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2261",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100608 IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511733/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100608 IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511733/100/0/threaded"
}
]
}
}

170
2010/2xxx/CVE-2010-2338.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13842",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13842"
},
{
"name" : "http://packetstormsecurity.org/1006-exploits/vuwebvisitoranalyst-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1006-exploits/vuwebvisitoranalyst-sql.txt"
},
{
"name" : "65483",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65483"
},
{
"name" : "40176",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40176"
},
{
"name" : "ADV-2010-1460",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1460"
},
{
"name" : "webvisitor-login-page-sql-injection(59396)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40176"
},
{
"name": "webvisitor-login-page-sql-injection(59396)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59396"
},
{
"name": "13842",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13842"
},
{
"name": "ADV-2010-1460",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1460"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/vuwebvisitoranalyst-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/vuwebvisitoranalyst-sql.txt"
},
{
"name": "65483",
"refsource": "OSVDB",
"url": "http://osvdb.org/65483"
}
]
}
}

160
2010/2xxx/CVE-2010-2581.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-2581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101029 Secunia Research: Adobe Shockwave Player \"pamm\" Chunk Parsing Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514559/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2010-113/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-113/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
},
{
"name" : "oval:org.mitre.oval:def:12185",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12185"
},
{
"name" : "1024664",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024664"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024664",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024664"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-25.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
},
{
"name": "20101029 Secunia Research: Adobe Shockwave Player \"pamm\" Chunk Parsing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514559/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:12185",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12185"
},
{
"name": "http://secunia.com/secunia_research/2010-113/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-113/"
}
]
}
}

170
2011/0xxx/CVE-2011-0235.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
},
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}

190
2011/0xxx/CVE-2011-0450.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-0450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/windows/1101/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1101/"
},
{
"name" : "http://www.opera.com/support/kb/view/985/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/kb/view/985/"
},
{
"name" : "JVN#33880169",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN33880169/index.html"
},
{
"name" : "JVNDB-2011-000010",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000010.html"
},
{
"name" : "70726",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70726"
},
{
"name" : "oval:org.mitre.oval:def:12369",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12369"
},
{
"name" : "43023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43023"
},
{
"name" : "ADV-2011-0231",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/support/kb/view/985/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/985/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1101/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1101/"
},
{
"name": "ADV-2011-0231",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0231"
},
{
"name": "oval:org.mitre.oval:def:12369",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12369"
},
{
"name": "JVNDB-2011-000010",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000010.html"
},
{
"name": "70726",
"refsource": "OSVDB",
"url": "http://osvdb.org/70726"
},
{
"name": "JVN#33880169",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN33880169/index.html"
},
{
"name": "43023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43023"
}
]
}
}

220
2011/0xxx/CVE-2011-0706.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0706",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=677332",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=677332"
},
{
"name" : "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/",
"refsource" : "CONFIRM",
"url" : "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
},
{
"name" : "DSA-2224",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2224"
},
{
"name" : "FEDORA-2011-1631",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
},
{
"name" : "FEDORA-2011-1645",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "MDVSA-2011:054",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
},
{
"name" : "46439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46439"
},
{
"name" : "oval:org.mitre.oval:def:14117",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"
},
{
"name" : "43350",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43350"
},
{
"name" : "icedtea-jnlpclassloader-priv-esc(65534)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2011-1631",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "FEDORA-2011-1645",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
},
{
"name": "46439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46439"
},
{
"name": "icedtea-jnlpclassloader-priv-esc(65534)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"
},
{
"name": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/",
"refsource": "CONFIRM",
"url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
},
{
"name": "43350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43350"
},
{
"name": "DSA-2224",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2224"
},
{
"name": "oval:org.mitre.oval:def:14117",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=677332",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"
},
{
"name": "MDVSA-2011:054",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
}
]
}
}

310
2011/0xxx/CVE-2011-0727.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0727",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-0727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[gdm-list] 20110328 GDM 2.32.1 released",
"refsource" : "MLIST",
"url" : "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"name" : "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news",
"refsource" : "CONFIRM",
"url" : "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688323",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"name" : "DSA-2205",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2205"
},
{
"name" : "FEDORA-2011-4335",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name" : "FEDORA-2011-4351",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name" : "MDVSA-2011:070",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name" : "RHSA-2011:0395",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name" : "USN-1099-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name" : "47063",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47063"
},
{
"name" : "1025264",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025264"
},
{
"name" : "43714",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43714"
},
{
"name" : "43854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43854"
},
{
"name" : "44021",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44021"
},
{
"name" : "ADV-2011-0786",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name" : "ADV-2011-0787",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name" : "ADV-2011-0797",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0797"
},
{
"name" : "ADV-2011-0847",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name" : "ADV-2011-0911",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name" : "display-manager-priv-escalation(66377)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1099-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1099-1"
},
{
"name": "43714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43714"
},
{
"name": "1025264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025264"
},
{
"name": "FEDORA-2011-4351",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html"
},
{
"name": "43854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43854"
},
{
"name": "ADV-2011-0847",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0847"
},
{
"name": "ADV-2011-0787",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0787"
},
{
"name": "display-manager-priv-escalation(66377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377"
},
{
"name": "ADV-2011-0911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0911"
},
{
"name": "MDVSA-2011:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070"
},
{
"name": "DSA-2205",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2205"
},
{
"name": "RHSA-2011:0395",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html"
},
{
"name": "47063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47063"
},
{
"name": "ADV-2011-0786",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0786"
},
{
"name": "[gdm-list] 20110328 GDM 2.32.1 released",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=688323",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news"
},
{
"name": "44021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44021"
},
{
"name": "FEDORA-2011-4335",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html"
},
{
"name": "ADV-2011-0797",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0797"
}
]
}
}

120
2011/0xxx/CVE-2011-0800.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}

160
2011/0xxx/CVE-2011-0959.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0959",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17304",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17304"
},
{
"name" : "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
},
{
"name" : "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
"refsource" : "MISC",
"url" : "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
},
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
},
{
"name" : "cisco-uom-multiple-xss(67521)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"
},
{
"name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
"refsource": "MISC",
"url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
},
{
"name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
},
{
"name": "17304",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17304"
},
{
"name": "cisco-uom-multiple-xss(67521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"
}
]
}
}

240
2011/1xxx/CVE-2011-1174.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110317 CVE request for Asterisk flaws",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/17/5"
},
{
"name" : "[oss-security] 20110321 Re: CVE request for Asterisk flaws",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/21/12"
},
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2011-003.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2011-003.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688675",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688675"
},
{
"name" : "DSA-2225",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2225"
},
{
"name" : "FEDORA-2011-3958",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
},
{
"name" : "FEDORA-2011-3942",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
},
{
"name" : "FEDORA-2011-3945",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
},
{
"name" : "46897",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46897"
},
{
"name" : "1025223",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025223"
},
{
"name" : "ADV-2011-0686",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0686"
},
{
"name" : "ADV-2011-0790",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0790"
},
{
"name" : "asterisk-writes-dos(66139)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2011-3945",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html"
},
{
"name": "DSA-2225",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "FEDORA-2011-3942",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=688675",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688675"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-003.html"
},
{
"name": "[oss-security] 20110317 CVE request for Asterisk flaws",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/17/5"
},
{
"name": "46897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46897"
},
{
"name": "asterisk-writes-dos(66139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139"
},
{
"name": "FEDORA-2011-3958",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html"
},
{
"name": "ADV-2011-0686",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0686"
},
{
"name": "ADV-2011-0790",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0790"
},
{
"name": "1025223",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025223"
},
{
"name": "[oss-security] 20110321 Re: CVE request for Asterisk flaws",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/21/12"
}
]
}
}

230
2011/1xxx/CVE-2011-1202.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html",
"refsource" : "MISC",
"url" : "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html"
},
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=73716",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=73716"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name" : "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=684386",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=684386"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100144158",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100144158"
},
{
"name" : "MDVSA-2011:079",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"name" : "MDVSA-2012:164",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"name" : "46785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46785"
},
{
"name" : "oval:org.mitre.oval:def:14244",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244"
},
{
"name" : "ADV-2011-0628",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0628"
},
{
"name" : "google-xslt-info-disclosure(65966)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14244",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244"
},
{
"name": "46785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46785"
},
{
"name": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f"
},
{
"name": "MDVSA-2011:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html",
"refsource": "MISC",
"url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=73716",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=73716"
},
{
"name": "google-xslt-info-disclosure(65966)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=684386",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386"
},
{
"name": "MDVSA-2012:164",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100144158",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100144158"
},
{
"name": "ADV-2011-0628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0628"
}
]
}
}

130
2011/1xxx/CVE-2011-1254.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1254",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"Drag and Drop Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-050",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050"
},
{
"name" : "oval:org.mitre.oval:def:12368",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12368"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"Drag and Drop Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050"
},
{
"name": "oval:org.mitre.oval:def:12368",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12368"
}
]
}
}

34
2011/1xxx/CVE-2011-1626.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1626",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1626",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

290
2011/1xxx/CVE-2011-1680.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1680",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/11"
},
{
"name" : "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/9"
},
{
"name" : "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/10"
},
{
"name" : "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/12"
},
{
"name" : "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/05/3"
},
{
"name" : "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/05/7"
},
{
"name" : "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/07/9"
},
{
"name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/14/5"
},
{
"name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/14/7"
},
{
"name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/14/16"
},
{
"name" : "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/15/6"
},
{
"name" : "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/22/4"
},
{
"name" : "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/22/6"
},
{
"name" : "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/31/3"
},
{
"name" : "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/31/4"
},
{
"name" : "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/01/2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688980",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688980"
},
{
"name" : "ncpfs-mtab-unspecified(66700)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66700"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/5"
},
{
"name": "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/9"
},
{
"name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/22/6"
},
{
"name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/22/4"
},
{
"name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=688980",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688980"
},
{
"name": "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/9"
},
{
"name": "ncpfs-mtab-unspecified(66700)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66700"
},
{
"name": "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/01/2"
},
{
"name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/10"
},
{
"name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/16"
},
{
"name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/31/4"
},
{
"name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/12"
},
{
"name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/7"
},
{
"name": "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/11"
},
{
"name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/3"
},
{
"name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/31/3"
},
{
"name": "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/15/6"
}
]
}
}

34
2011/4xxx/CVE-2011-4123.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4123",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3874. Reason: This candidate is a duplicate of CVE-2011-3874. Notes: All CVE users should reference CVE-2011-3874 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4123",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3874. Reason: This candidate is a duplicate of CVE-2011-3874. Notes: All CVE users should reference CVE-2011-3874 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

120
2011/4xxx/CVE-2011-4246.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://service.real.com/realplayer/security/11182011_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/11182011_player/en/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/11182011_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/11182011_player/en/"
}
]
}
}

140
2011/4xxx/CVE-2011-4675.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4675",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021",
"refsource" : "CONFIRM",
"url" : "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960"
},
{
"name" : "widelands-filesystem-file-overwrite(71626)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71626"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021",
"refsource": "CONFIRM",
"url": "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021"
},
{
"name": "widelands-filesystem-file-overwrite(71626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71626"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960"
}
]
}
}

160
2011/4xxx/CVE-2011-4921.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120104 Re: CVE-request: Multiple e107 vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/01/04/3"
},
{
"name" : "51253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51253"
},
{
"name" : "78050",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78050"
},
{
"name" : "46706",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46706"
},
{
"name" : "e107inc-usersettings-sql-injection(72011)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46706"
},
{
"name": "e107inc-usersettings-sql-injection(72011)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72011"
},
{
"name": "78050",
"refsource": "OSVDB",
"url": "http://osvdb.org/78050"
},
{
"name": "51253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51253"
},
{
"name": "[oss-security] 20120104 Re: CVE-request: Multiple e107 vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/04/3"
}
]
}
}

130
2011/5xxx/CVE-2011-5138.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt"
},
{
"name" : "tforum-member-xss(71973)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71973"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tforum-member-xss(71973)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71973"
},
{
"name": "http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt"
}
]
}
}

130
2011/5xxx/CVE-2011-5242.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.unrest.ca/peerjacking",
"refsource" : "MISC",
"url" : "http://www.unrest.ca/peerjacking"
},
{
"name" : "https://github.com/themattharris/tmhOAuth/blob/master/README.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/themattharris/tmhOAuth/blob/master/README.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.unrest.ca/peerjacking",
"refsource": "MISC",
"url": "http://www.unrest.ca/peerjacking"
},
{
"name": "https://github.com/themattharris/tmhOAuth/blob/master/README.md",
"refsource": "CONFIRM",
"url": "https://github.com/themattharris/tmhOAuth/blob/master/README.md"
}
]
}
}

150
2014/2xxx/CVE-2014-2537.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/",
"refsource" : "CONFIRM",
"url" : "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
},
{
"name" : "66231",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66231"
},
{
"name" : "1029920",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029920"
},
{
"name" : "57344",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57344"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029920"
},
{
"name": "57344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57344"
},
{
"name": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/",
"refsource": "CONFIRM",
"url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
},
{
"name": "66231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66231"
}
]
}
}

34
2014/2xxx/CVE-2014-2548.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2548",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2548",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/2xxx/CVE-2014-2574.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2574",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2574",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/2xxx/CVE-2014-2613.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2613",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-2613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU03061",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04352674"
},
{
"name" : "68245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68245"
},
{
"name" : "1030490",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030490"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68245"
},
{
"name": "HPSBMU03061",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04352674"
},
{
"name": "1030490",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030490"
}
]
}
}

150
2014/2xxx/CVE-2014-2789.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2789",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2795, CVE-2014-2798, and CVE-2014-2804."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name" : "68374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68374"
},
{
"name" : "1030532",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030532"
},
{
"name" : "59775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59775"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2795, CVE-2014-2798, and CVE-2014-2804."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name": "59775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59775"
},
{
"name": "1030532",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030532"
},
{
"name": "68374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68374"
}
]
}
}

120
2014/3xxx/CVE-2014-3389.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141008 Multiple Vulnerabilities in Cisco ASA Software",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141008 Multiple Vulnerabilities in Cisco ASA Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
}
]
}
}

180
2014/3xxx/CVE-2014-3418.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3418",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140709 OS Command Injection Infoblox Network Automation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532709/100/0/threaded"
},
{
"name" : "34030",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/34030"
},
{
"name" : "20140709 CVE-2014-3418 - OS Command Injection Infoblox Network Automation",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/35"
},
{
"name" : "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html",
"refsource" : "MISC",
"url" : "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
},
{
"name" : "https://github.com/depthsecurity/NetMRI-2014-3418",
"refsource" : "MISC",
"url" : "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"name" : "68471",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68471"
},
{
"name" : "infoblox-cve20143418-command-exec(94449)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68471"
},
{
"name": "20140709 OS Command Injection Infoblox Network Automation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532709/100/0/threaded"
},
{
"name": "20140709 CVE-2014-3418 - OS Command Injection Infoblox Network Automation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/35"
},
{
"name": "34030",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34030"
},
{
"name": "infoblox-cve20143418-command-exec(94449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449"
},
{
"name": "https://github.com/depthsecurity/NetMRI-2014-3418",
"refsource": "MISC",
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"name": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html",
"refsource": "MISC",
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
]
}
}

190
2014/3xxx/CVE-2014-3555.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[openstack-announce] 20140721 [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555)",
"refsource" : "MLIST",
"url" : "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html"
},
{
"name" : "[oss-security] 20140721 [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555)",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q3/200"
},
{
"name" : "https://bugs.launchpad.net/neutron/+bug/1336207",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/neutron/+bug/1336207"
},
{
"name" : "RHSA-2014:1119",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1119.html"
},
{
"name" : "RHSA-2014:1120",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1120.html"
},
{
"name" : "68765",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68765"
},
{
"name" : "60804",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60804"
},
{
"name" : "60766",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60766"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60804",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60804"
},
{
"name": "RHSA-2014:1120",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1120.html"
},
{
"name": "68765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68765"
},
{
"name": "60766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60766"
},
{
"name": "[oss-security] 20140721 [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/200"
},
{
"name": "RHSA-2014:1119",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1119.html"
},
{
"name": "https://bugs.launchpad.net/neutron/+bug/1336207",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/neutron/+bug/1336207"
},
{
"name": "[openstack-announce] 20140721 [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html"
}
]
}
}

440
2014/3xxx/CVE-2014-3710.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3710",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d"
},
{
"name" : "https://bugs.php.net/bug.php?id=68283",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=68283"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155071",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155071"
},
{
"name" : "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0",
"refsource" : "CONFIRM",
"url" : "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1767.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1768.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name" : "https://support.apple.com/HT204659",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204659"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "APPLE-SA-2015-04-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name" : "DSA-3072",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3072"
},
{
"name" : "FreeBSD-SA-14:28",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"
},
{
"name" : "GLSA-201503-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-03"
},
{
"name" : "GLSA-201701-42",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-42"
},
{
"name" : "RHSA-2014:1767",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name" : "RHSA-2014:1768",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name" : "RHSA-2014:1765",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name" : "RHSA-2014:1766",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name" : "RHSA-2016:0760",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
},
{
"name" : "openSUSE-SU-2014:1516",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html"
},
{
"name" : "USN-2391-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"name" : "USN-2494-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2494-1"
},
{
"name" : "70807",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70807"
},
{
"name" : "1031344",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031344"
},
{
"name" : "60630",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60630"
},
{
"name" : "60699",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60699"
},
{
"name" : "61763",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61763"
},
{
"name" : "61970",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61970"
},
{
"name" : "61982",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61982"
},
{
"name" : "62347",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62347"
},
{
"name" : "62559",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62559"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=68283",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=68283"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d"
},
{
"name": "62347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62347"
},
{
"name": "RHSA-2014:1767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"name": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0",
"refsource": "CONFIRM",
"url": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0"
},
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "61982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61982"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "61763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61763"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1767.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "FreeBSD-SA-14:28",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1768.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name": "DSA-3072",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3072"
},
{
"name": "RHSA-2016:0760",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "USN-2494-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2494-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61970"
},
{
"name": "1031344",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031344"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "openSUSE-SU-2014:1516",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html"
},
{
"name": "RHSA-2014:1768",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "GLSA-201701-42",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-42"
},
{
"name": "60699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60699"
},
{
"name": "GLSA-201503-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-03"
},
{
"name": "70807",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70807"
},
{
"name": "60630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60630"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071"
},
{
"name": "62559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62559"
}
]
}
}

130
2014/6xxx/CVE-2014-6296.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6296",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/",
"refsource" : "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/"
},
{
"name" : "http://typo3.org/extensions/repository/view/wec_map",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/wec_map"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/"
},
{
"name": "http://typo3.org/extensions/repository/view/wec_map",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/wec_map"
}
]
}
}

140
2014/6xxx/CVE-2014-6684.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#710097",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/710097"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#710097",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/710097"
}
]
}
}

140
2014/6xxx/CVE-2014-6773.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6773",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#762017",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/762017"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#762017",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/762017"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/6xxx/CVE-2014-6809.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6809",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6846, CVE-2014-6847. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-6846 and CVE-2014-6847 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-6809",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6846, CVE-2014-6847. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-6846 and CVE-2014-6847 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

140
2014/6xxx/CVE-2014-6993.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Codeeta Coupons (aka com.codeeta.promos) application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#269569",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/269569"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Codeeta Coupons (aka com.codeeta.promos) application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#269569",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/269569"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7716.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#585225",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/585225"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#585225",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/585225"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

150
2014/7xxx/CVE-2014-7832.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141117 Moodle security issues are now public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/11/17/11"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=275154",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=275154"
},
{
"name" : "1031215",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031215"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031215"
},
{
"name": "[oss-security] 20141117 Moodle security issues are now public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/11/17/11"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=275154",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=275154"
}
]
}
}

140
2014/7xxx/CVE-2014-7997.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7997",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-7997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141114 Cisco Aironet DHCP Denial of Service Vulnerabilty",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7997"
},
{
"name" : "1031218",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031218"
},
{
"name" : "cisco-aironet-cve20147997-dos(98691)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98691"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-aironet-cve20147997-dos(98691)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98691"
},
{
"name": "1031218",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031218"
},
{
"name": "20141114 Cisco Aironet DHCP Denial of Service Vulnerabilty",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7997"
}
]
}
}

120
2016/2xxx/CVE-2016-2308.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0"
}
]
}
}

140
2017/0xxx/CVE-2017-0018.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Internet Explorer",
"version" : {
"version_data" : [
{
"version_value" : "Internet Explorer 10 and 11"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "Internet Explorer 10 and 11"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018"
},
{
"name" : "96086",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96086"
},
{
"name" : "1038008",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018"
},
{
"name": "96086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96086"
},
{
"name": "1038008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038008"
}
]
}
}

34
2017/0xxx/CVE-2017-0717.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0717",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0717",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2017/0xxx/CVE-2017-0793.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00",
"ID" : "CVE-2017-0793",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-09-05T00:00:00",
"ID": "CVE-2017-0793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name" : "100670",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100670"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100670"
}
]
}
}

120
2017/18xxx/CVE-2017-18260.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18260",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010",
"refsource" : "MISC",
"url" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010",
"refsource": "MISC",
"url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010"
}
]
}
}

152
2017/1xxx/CVE-2017-1434.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-09-07T00:00:00",
"ID" : "CVE-2017-1434",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "11.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-07T00:00:00",
"ID": "CVE-2017-1434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "11.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22005740",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22005740"
},
{
"name" : "100693",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100693"
},
{
"name" : "1039297",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039297",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039297"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005740",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005740"
},
{
"name": "100693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100693"
}
]
}
}

142
2017/1xxx/CVE-2017-1482.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-11-29T00:00:00",
"ID" : "CVE-2017-1482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "5.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-29T00:00:00",
"ID": "CVE-2017-1482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "5.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128620",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128620"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22010762",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22010762"
},
{
"name" : "102035",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102035"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128620",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128620"
},
{
"name": "102035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102035"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010762",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010762"
}
]
}
}

34
2017/1xxx/CVE-2017-1543.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1543",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1543",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2017/1xxx/CVE-2017-1672.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-01-03T00:00:00",
"ID" : "CVE-2017-1672",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "2.6"
},
{
"version_value" : "2.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2017-1672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Key Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "2.6"
},
{
"version_value": "2.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133639",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133639"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22012019",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012019"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133639",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133639"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012019",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012019"
}
]
}
}

34
2017/1xxx/CVE-2017-1686.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1686",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1686",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2017/5xxx/CVE-2017-5671.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41754",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41754/"
},
{
"name" : "https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/",
"refsource" : "MISC",
"url" : "https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/"
},
{
"name" : "http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf",
"refsource" : "CONFIRM",
"url" : "http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf"
},
{
"name" : "https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf",
"refsource" : "CONFIRM",
"url" : "https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf"
},
{
"name" : "97236",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97236"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41754",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41754/"
},
{
"name": "http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf",
"refsource": "CONFIRM",
"url": "http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf"
},
{
"name": "https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/",
"refsource": "MISC",
"url": "https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/"
},
{
"name": "97236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97236"
},
{
"name": "https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf",
"refsource": "CONFIRM",
"url": "https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf"
}
]
}
}

190
2017/5xxx/CVE-2017-5843.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7"
},
{
"name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777503",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777503"
},
{
"name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3",
"refsource" : "CONFIRM",
"url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3"
},
{
"name" : "DSA-3818",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3818"
},
{
"name" : "GLSA-201705-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-10"
},
{
"name" : "RHSA-2017:2060",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name" : "96001",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3818",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=777503",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=777503"
},
{
"name": "96001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96001"
},
{
"name": "RHSA-2017:2060",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20170201 Multiple memory access issues in gstreamer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/7"
}
]
}
}

150
2017/5xxx/CVE-2017-5899.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170127 CVE Request: s-nail local root",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/27/7"
},
{
"name" : "[oss-security] 20170207 Re: CVE Request: s-nail local root",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/07/4"
},
{
"name" : "[s-nail-users] 20170127 [ANN]ounce of S-nail v14.8.16 (\"Copris lunaris\")",
"refsource" : "MLIST",
"url" : "https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html"
},
{
"name" : "96138",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170207 Re: CVE Request: s-nail local root",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/4"
},
{
"name": "[s-nail-users] 20170127 [ANN]ounce of S-nail v14.8.16 (\"Copris lunaris\")",
"refsource": "MLIST",
"url": "https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html"
},
{
"name": "[oss-security] 20170127 CVE Request: s-nail local root",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/27/7"
},
{
"name": "96138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96138"
}
]
}
}