admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:17:17 +00:00
parent 5f0f8c341d
commit 5fbcf22329
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4095 additions and 4095 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/3xxx/CVE-2006-3015.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3015", "ID": "CVE-2006-3015",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060611 WinSCP - URI Handler Command Switch Parsing", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html" "lang": "eng",
}, "value": "Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI."
{ }
"name" : "20060310 WinSCP - URI Handler Command Switch Parsing", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://winscp.net/eng/docs/history#3.8.2", "description": [
"refsource" : "CONFIRM", {
"url" : "http://winscp.net/eng/docs/history#3.8.2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#912588", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/912588" ]
}, },
{ "references": {
"name" : "18384", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18384" "name": "winscp-uri-handler-command-execution(27075)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27075"
"name" : "ADV-2006-2289", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2289" "name": "http://winscp.net/eng/docs/history#3.8.2",
}, "refsource": "CONFIRM",
{ "url": "http://winscp.net/eng/docs/history#3.8.2"
"name" : "20575", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20575" "name": "20060611 WinSCP - URI Handler Command Switch Parsing",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html"
"name" : "winscp-uri-handler-command-execution(27075)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27075" "name": "20060310 WinSCP - URI Handler Command Switch Parsing",
} "refsource": "FULLDISC",
] "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html"
} },
} {
"name": "20575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20575"
},
{
"name": "ADV-2006-2289",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2289"
},
{
"name": "18384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18384"
},
{
"name": "VU#912588",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/912588"
}
]
}
}

170
2006/3xxx/CVE-2006-3151.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3151", "ID": "CVE-2006-3151",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/06/associated-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/06/associated-xss-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter."
{ }
"name" : "18541", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18541" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2444", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2444" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26672", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/26672" ]
}, },
{ "references": {
"name" : "20725", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20725" "name": "18541",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18541"
"name" : "associated-index-xss(27255)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27255" "name": "http://pridels0.blogspot.com/2006/06/associated-xss-vuln.html",
} "refsource": "MISC",
] "url": "http://pridels0.blogspot.com/2006/06/associated-xss-vuln.html"
} },
} {
"name": "ADV-2006-2444",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2444"
},
{
"name": "20725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20725"
},
{
"name": "26672",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26672"
},
{
"name": "associated-index-xss(27255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27255"
}
]
}
}

230
2006/3xxx/CVE-2006-3539.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3539", "ID": "CVE-2006-3539",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060618 Dragons Kingdom v1.0 - XSS & cookie disclosure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/437753/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies."
{ }
"name" : "http://www.youfucktard.com/xsp/dragking1.jpg", ]
"refsource" : "MISC", },
"url" : "http://www.youfucktard.com/xsp/dragking1.jpg" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.youfucktard.com/xsp/dragking2.jpg", "description": [
"refsource" : "MISC", {
"url" : "http://www.youfucktard.com/xsp/dragking2.jpg" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.youfucktard.com/xsp/dragking3.jpg", ]
"refsource" : "MISC", }
"url" : "http://www.youfucktard.com/xsp/dragking3.jpg" ]
}, },
{ "references": {
"name" : "http://www.youfucktard.com/xsp/dragking4.jpg", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.youfucktard.com/xsp/dragking4.jpg" "name": "20662",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20662"
"name" : "http://www.youfucktard.com/xsp/dragking5.jpg", },
"refsource" : "MISC", {
"url" : "http://www.youfucktard.com/xsp/dragking5.jpg" "name": "ADV-2006-2439",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2439"
"name" : "http://www.youfucktard.com/xsp/dragking6.jpg", },
"refsource" : "MISC", {
"url" : "http://www.youfucktard.com/xsp/dragking6.jpg" "name": "dragons-kingdom-multiple-xss(27390)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27390"
"name" : "http://www.youfucktard.com/xsp/dragking7.jpg", },
"refsource" : "MISC", {
"url" : "http://www.youfucktard.com/xsp/dragking7.jpg" "name": "18535",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18535"
"name" : "18535", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18535" "name": "http://www.youfucktard.com/xsp/dragking5.jpg",
}, "refsource": "MISC",
{ "url": "http://www.youfucktard.com/xsp/dragking5.jpg"
"name" : "ADV-2006-2439", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2439" "name": "http://www.youfucktard.com/xsp/dragking2.jpg",
}, "refsource": "MISC",
{ "url": "http://www.youfucktard.com/xsp/dragking2.jpg"
"name" : "20662", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20662" "name": "http://www.youfucktard.com/xsp/dragking6.jpg",
}, "refsource": "MISC",
{ "url": "http://www.youfucktard.com/xsp/dragking6.jpg"
"name" : "dragons-kingdom-multiple-xss(27390)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27390" "name": "20060618 Dragons Kingdom v1.0 - XSS & cookie disclosure",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/437753/100/0/threaded"
} },
} {
"name": "http://www.youfucktard.com/xsp/dragking4.jpg",
"refsource": "MISC",
"url": "http://www.youfucktard.com/xsp/dragking4.jpg"
},
{
"name": "http://www.youfucktard.com/xsp/dragking3.jpg",
"refsource": "MISC",
"url": "http://www.youfucktard.com/xsp/dragking3.jpg"
},
{
"name": "http://www.youfucktard.com/xsp/dragking7.jpg",
"refsource": "MISC",
"url": "http://www.youfucktard.com/xsp/dragking7.jpg"
},
{
"name": "http://www.youfucktard.com/xsp/dragking1.jpg",
"refsource": "MISC",
"url": "http://www.youfucktard.com/xsp/dragking1.jpg"
}
]
}
}

140
2006/4xxx/CVE-2006-4604.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4604", "ID": "CVE-2006-4604",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2280", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2280" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter."
{ }
"name" : "19773", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19773" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "lanifex-accessmanager-file-include(28673)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28673" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "lanifex-accessmanager-file-include(28673)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28673"
},
{
"name": "19773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19773"
},
{
"name": "2280",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2280"
}
]
}
}

170
2006/4xxx/CVE-2006-4637.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4637", "ID": "CVE-2006-4637",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060907 ACGV News v0.9.1 - Remote File Include Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/445575/100/0/threaded" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information."
{ }
"name" : "19863", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19863" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3475", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3475" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1016816", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1016816" ]
}, },
{ "references": {
"name" : "21765", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21765" "name": "acgvnews-pathnews-file-include(28763)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28763"
"name" : "acgvnews-pathnews-file-include(28763)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28763" "name": "ADV-2006-3475",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/3475"
} },
} {
"name": "1016816",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016816"
},
{
"name": "21765",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21765"
},
{
"name": "19863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19863"
},
{
"name": "20060907 ACGV News v0.9.1 - Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445575/100/0/threaded"
}
]
}
}

140
2006/4xxx/CVE-2006-4641.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4641", "ID": "CVE-2006-4641",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2294", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2294" "lang": "eng",
}, "value": "SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter."
{ }
"name" : "19821", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19821" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "muratsoft-kategori-sql-injection(28724)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28724" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "19821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19821"
},
{
"name": "muratsoft-kategori-sql-injection(28724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28724"
},
{
"name": "2294",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2294"
}
]
}
}

210
2006/4xxx/CVE-2006-4667.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4667", "ID": "CVE-2006-4667",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060907 Sql injection in RunCMS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/445524/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php."
{ }
"name" : "http://www.hackers.ir/advisories/runcms.html", ]
"refsource" : "MISC", },
"url" : "http://www.hackers.ir/advisories/runcms.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19913", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19913" ]
}, },
{ "references": {
"name" : "ADV-2006-3522", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3522" "name": "1532",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1532"
"name" : "28616", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28616" "name": "20060907 Sql injection in RunCMS",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/445524/100/0/threaded"
"name" : "28617", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28617" "name": "28616",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/28616"
"name" : "21814", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21814" "name": "ADV-2006-3522",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3522"
"name" : "1532", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1532" "name": "28617",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/28617"
"name" : "runcms-sessions-sql-injection(28806)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28806" "name": "21814",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21814"
} },
} {
"name": "19913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19913"
},
{
"name": "http://www.hackers.ir/advisories/runcms.html",
"refsource": "MISC",
"url": "http://www.hackers.ir/advisories/runcms.html"
},
{
"name": "http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5",
"refsource": "CONFIRM",
"url": "http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5"
},
{
"name": "runcms-sessions-sql-injection(28806)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28806"
}
]
}
}

150
2006/4xxx/CVE-2006-4778.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4778", "ID": "CVE-2006-4778",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=445818&group_id=80503", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=445818&group_id=80503" "lang": "eng",
}, "value": "SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information."
{ }
"name" : "19978", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19978" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3567", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3567" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21822", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21822" ]
} },
] "references": {
} "reference_data": [
} {
"name": "19978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19978"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=445818&group_id=80503",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=445818&group_id=80503"
},
{
"name": "21822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21822"
},
{
"name": "ADV-2006-3567",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3567"
}
]
}
}

160
2006/4xxx/CVE-2006-4946.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4946", "ID": "CVE-2006-4946",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2399", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2399" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter."
{ }
"name" : "20116", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20116" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3706", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3706" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22024", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22024" ]
}, },
{ "references": {
"name" : "bcwb-startup-file-include(29039)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29039" "name": "20116",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/20116"
} },
} {
"name": "ADV-2006-3706",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3706"
},
{
"name": "2399",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2399"
},
{
"name": "22024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22024"
},
{
"name": "bcwb-startup-file-include(29039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29039"
}
]
}
}

300
2006/6xxx/CVE-2006-6013.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6013", "ID": "CVE-2006-6013",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061115 DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451677/100/0/threaded" "lang": "eng",
}, "value": "Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error."
{ }
"name" : "20061115 FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/451629/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451637/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20061115 TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure", ]
"refsource" : "BUGTRAQ", }
"url" : "http://www.securityfocus.com/archive/1/451698/100/0/threaded" ]
}, },
{ "references": {
"name" : "20061116 Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure", "reference_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451861/100/0/threaded" "name": "20061116 Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/451861/100/0/threaded"
"name" : "20061120 RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/452124/100/0/threaded" "name": "1017344",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1017344"
"name" : "20061121 Clarifying integer overflows vs. signedness errors", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/452264/100/0/threaded" "name": "20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html"
"name" : "20061122 Re: Clarifying integer overflows vs. signedness errors", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/452331/100/0/threaded" "name": "20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/451637/100/0/threaded"
"name" : "20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure", },
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html" "name": "[tech-security] 20061116 Re: [Full-disclosure] NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure",
}, "refsource": "MLIST",
{ "url": "http://mail-index.netbsd.org/tech-security/2006/11/16/0001.html"
"name" : "[tech-security] 20061116 Re: [Full-disclosure] NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure", },
"refsource" : "MLIST", {
"url" : "http://mail-index.netbsd.org/tech-security/2006/11/16/0001.html" "name": "FreeBSD-SA-06:25",
}, "refsource": "FREEBSD",
{ "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:25.kmem.asc"
"name" : "[tech-security] 20061214 NetBSD Security Note 20061214-1: Kernel memory leakage in firewire interface", },
"refsource" : "MLIST", {
"url" : "http://mail-index.netbsd.org/tech-security/2006/12/14/0002.html" "name": "freebsd-fwdev-integer-overflow(30347)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30347"
"name" : "http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c", },
"refsource" : "MISC", {
"url" : "http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c" "name": "20061121 Clarifying integer overflows vs. signedness errors",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/452264/100/0/threaded"
"name" : "http://www.kernelhacking.com/bsdadv1.txt", },
"refsource" : "MISC", {
"url" : "http://www.kernelhacking.com/bsdadv1.txt" "name": "20061122 Re: Clarifying integer overflows vs. signedness errors",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/452331/100/0/threaded"
"name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c", },
"refsource" : "CONFIRM", {
"url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c" "name": "20061120 RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/452124/100/0/threaded"
"name" : "FreeBSD-SA-06:25", },
"refsource" : "FREEBSD", {
"url" : "http://security.freebsd.org/advisories/FreeBSD-SA-06:25.kmem.asc" "name": "[tech-security] 20061214 NetBSD Security Note 20061214-1: Kernel memory leakage in firewire interface",
}, "refsource": "MLIST",
{ "url": "http://mail-index.netbsd.org/tech-security/2006/12/14/0002.html"
"name" : "21089", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21089" "name": "http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c",
}, "refsource": "MISC",
{ "url": "http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c"
"name" : "1017344", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017344" "name": "21089",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/21089"
"name" : "22917", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22917" "name": "22917",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22917"
"name" : "freebsd-fwdev-integer-overflow(30347)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30347" "name": "20061115 TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/451698/100/0/threaded"
} },
} {
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c"
},
{
"name": "20061115 DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451677/100/0/threaded"
},
{
"name": "20061115 FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451629/100/0/threaded"
},
{
"name": "http://www.kernelhacking.com/bsdadv1.txt",
"refsource": "MISC",
"url": "http://www.kernelhacking.com/bsdadv1.txt"
}
]
}
}

160
2006/6xxx/CVE-2006-6203.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6203", "ID": "CVE-2006-6203",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2852", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2852" "lang": "eng",
}, "value": "Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
{ }
"name" : "21315", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21315" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4721", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4721" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23097", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/23097" ]
}, },
{ "references": {
"name" : "flysprayme-startdown-directory-traversal(30497)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30497" "name": "23097",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/23097"
} },
} {
"name": "flysprayme-startdown-directory-traversal(30497)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30497"
},
{
"name": "ADV-2006-4721",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4721"
},
{
"name": "2852",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2852"
},
{
"name": "21315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21315"
}
]
}
}

160
2006/6xxx/CVE-2006-6692.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6692", "ID": "CVE-2006-6692",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/zabbix.security.patch?bug=391388;msg=5;att=1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/zabbix.security.patch?bug=391388;msg=5;att=1" "lang": "eng",
}, "value": "Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391388", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391388" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20416", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20416" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3959", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3959" ]
}, },
{ "references": {
"name" : "22313", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22313" "name": "ADV-2006-3959",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/3959"
} },
} {
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi/zabbix.security.patch?bug=391388;msg=5;att=1",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/zabbix.security.patch?bug=391388;msg=5;att=1"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391388",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391388"
},
{
"name": "20416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20416"
},
{
"name": "22313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22313"
}
]
}
}

150
2006/7xxx/CVE-2006-7019.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-7019", "ID": "CVE-2006-7019",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.phpwcms.de/forum/viewtopic.php?t=10958", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.phpwcms.de/forum/viewtopic.php?t=10958" "lang": "eng",
}, "value": "phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "ADV-2006-1556", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/1556" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19866", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19866" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phpwcms-mailfileform-file-include(26126)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26126" ]
} },
] "references": {
} "reference_data": [
} {
"name": "19866",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19866"
},
{
"name": "ADV-2006-1556",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1556"
},
{
"name": "http://www.phpwcms.de/forum/viewtopic.php?t=10958",
"refsource": "MISC",
"url": "http://www.phpwcms.de/forum/viewtopic.php?t=10958"
},
{
"name": "phpwcms-mailfileform-file-include(26126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26126"
}
]
}
}

200
2010/2xxx/CVE-2010-2344.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2344", "ID": "CVE-2010-2344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://holisticinfosec.org/content/view/146/45/", "description_data": [
"refsource" : "MISC", {
"url" : "http://holisticinfosec.org/content/view/146/45/" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php."
{ }
"name" : "40678", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/40678" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "65258", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/65258" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "65259", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/65259" ]
}, },
{ "references": {
"name" : "65260", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/65260" "name": "39942",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39942"
"name" : "65261", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/65261" "name": "65259",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/65259"
"name" : "65262", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/65262" "name": "65258",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/65258"
"name" : "39942", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39942" "name": "odcms-page-xss(59247)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59247"
"name" : "odcms-page-xss(59247)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59247" "name": "65260",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/65260"
} },
} {
"name": "40678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40678"
},
{
"name": "65262",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65262"
},
{
"name": "http://holisticinfosec.org/content/view/146/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/146/45/"
},
{
"name": "65261",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65261"
}
]
}
}

150
2010/2xxx/CVE-2010-2613.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2613", "ID": "CVE-2010-2613",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14059", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14059" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php."
{ }
"name" : "http://packetstormsecurity.org/1006-exploits/joomlaawdsong-xss.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1006-exploits/joomlaawdsong-xss.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "41165", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/41165" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "jeawdsongcom-index-xss(59807)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59807" ]
} },
] "references": {
} "reference_data": [
} {
"name": "41165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41165"
},
{
"name": "14059",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14059"
},
{
"name": "jeawdsongcom-index-xss(59807)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59807"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/joomlaawdsong-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/joomlaawdsong-xss.txt"
}
]
}
}

150
2010/2xxx/CVE-2010-2945.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2945", "ID": "CVE-2010-2945",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100819 CVE Request: SLiM insecure PATH assignment", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/08/19/8" "lang": "eng",
}, "value": "The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp."
{ }
"name" : "[oss-security] 20100820 Re: CVE Request: SLiM insecure PATH assignment", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/08/20/10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://svn.berlios.de/viewvc/slim?view=revision&revision=171", "description": [
"refsource" : "CONFIRM", {
"url" : "http://svn.berlios.de/viewvc/slim?view=revision&revision=171" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "41005", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/41005" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20100820 Re: CVE Request: SLiM insecure PATH assignment",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/20/10"
},
{
"name": "http://svn.berlios.de/viewvc/slim?view=revision&revision=171",
"refsource": "CONFIRM",
"url": "http://svn.berlios.de/viewvc/slim?view=revision&revision=171"
},
{
"name": "[oss-security] 20100819 CVE Request: SLiM insecure PATH assignment",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/19/8"
},
{
"name": "41005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41005"
}
]
}
}

150
2011/0xxx/CVE-2011-0619.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-0619", "ID": "CVE-2011-0619",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html" "lang": "eng",
}, "value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622."
{ }
"name" : "SUSE-SA:2011:025", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14088", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14088" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:16141", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16141" ]
} },
] "references": {
} "reference_data": [
} {
"name": "oval:org.mitre.oval:def:16141",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16141"
},
{
"name": "oval:org.mitre.oval:def:14088",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14088"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html"
},
{
"name": "SUSE-SA:2011:025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html"
}
]
}
}

140
2011/0xxx/CVE-2011-0918.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0918", "ID": "CVE-2011-0918",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21461514", "description_data": [
"refsource" : "MISC", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21461514" "lang": "eng",
}, "value": "Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE."
{ }
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-046/", ]
"refsource" : "MISC", },
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-046/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "43224", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43224" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "43224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43224"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-046/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-046/"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
]
}
}

160
2011/1xxx/CVE-2011-1330.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2011-1330", "ID": "CVE-2011-1330",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.kbs.co.jp/jp/tabid/254/Default.aspx", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kbs.co.jp/jp/tabid/254/Default.aspx" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVN#43386477", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN43386477/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2011-000042", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000042" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48338", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/48338" ]
}, },
{ "references": {
"name" : "44994", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44994" "name": "48338",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/48338"
} },
} {
"name": "JVN#43386477",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN43386477/index.html"
},
{
"name": "http://www.kbs.co.jp/jp/tabid/254/Default.aspx",
"refsource": "CONFIRM",
"url": "http://www.kbs.co.jp/jp/tabid/254/Default.aspx"
},
{
"name": "JVNDB-2011-000042",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000042"
},
{
"name": "44994",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44994"
}
]
}
}

280
2011/1xxx/CVE-2011-1579.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1579", "ID": "CVE-2011-1579",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \\2f\\2a and \\2a\\2f hex strings to surround CSS comments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html" "lang": "eng",
}, "value": "The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \\2f\\2a and \\2a\\2f hex strings to surround CSS comments."
{ }
"name" : "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/04/13/15" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=695577", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=695577" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=696360", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=696360" "name": "FEDORA-2011-5495",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html"
"name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450" "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450"
"name" : "DSA-2366", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2366" "name": "ADV-2011-0978",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0978"
"name" : "FEDORA-2011-5495", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html" "name": "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856",
}, "refsource": "CONFIRM",
{ "url": "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856"
"name" : "FEDORA-2011-5807", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html" "name": "FEDORA-2011-5807",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html"
"name" : "FEDORA-2011-5812", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html" "name": "47354",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/47354"
"name" : "FEDORA-2011-5848", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html" "name": "44142",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44142"
"name" : "47354", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47354" "name": "FEDORA-2011-5848",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html"
"name" : "44142", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44142" "name": "ADV-2011-1151",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/1151"
"name" : "ADV-2011-0978", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0978" "name": "mediawiki-css-data-xss(66738)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66738"
"name" : "ADV-2011-1100", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/1100" "name": "DSA-2366",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2366"
"name" : "ADV-2011-1151", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/1151" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696360",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
"name" : "mediawiki-css-data-xss(66738)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66738" "name": "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3",
} "refsource": "MLIST",
] "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html"
} },
} {
"name": "ADV-2011-1100",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1100"
},
{
"name": "FEDORA-2011-5812",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=695577",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577"
},
{
"name": "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/13/15"
}
]
}
}

190
2011/1xxx/CVE-2011-1704.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1704", "ID": "CVE-2011-1704",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110606 ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/518268/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url."
{ }
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-177/", ]
"refsource" : "MISC", },
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-177/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://download.novell.com/Download?buildid=6_bNby38ERg~", "description": [
"refsource" : "CONFIRM", {
"url" : "http://download.novell.com/Download?buildid=6_bNby38ERg~" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008728", ]
"refsource" : "CONFIRM", }
"url" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008728" ]
}, },
{ "references": {
"name" : "48124", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48124" "name": "1025606",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025606"
"name" : "1025606", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025606" "name": "http://download.novell.com/Download?buildid=6_bNby38ERg~",
}, "refsource": "CONFIRM",
{ "url": "http://download.novell.com/Download?buildid=6_bNby38ERg~"
"name" : "44811", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44811" "name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008728",
}, "refsource": "CONFIRM",
{ "url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008728"
"name" : "novell-iprint-corepackage-bo(67879)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67879" "name": "http://zerodayinitiative.com/advisories/ZDI-11-177/",
} "refsource": "MISC",
] "url": "http://zerodayinitiative.com/advisories/ZDI-11-177/"
} },
} {
"name": "44811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44811"
},
{
"name": "48124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48124"
},
{
"name": "20110606 ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518268/100/0/threaded"
},
{
"name": "novell-iprint-corepackage-bo(67879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67879"
}
]
}
}

34
2011/1xxx/CVE-2011-1973.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-1973", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-1973",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
} }
] ]
} }
} }

34
2011/4xxx/CVE-2011-4666.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4666", "ID": "CVE-2011-4666",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

190
2011/4xxx/CVE-2011-4951.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4951", "ID": "CVE-2011-4951",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[egroupware-german] 20110805 new EGroupware SECURITY & maintenance release 1.8.001.20110805", "description_data": [
"refsource" : "MLIST", {
"url" : "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" "lang": "eng",
}, "value": "Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter."
{ }
"name" : "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/03/29/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/03/30/3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html" ]
}, },
{ "references": {
"name" : "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" "name": "http://www.egroupware.org/epl-changelog",
}, "refsource": "CONFIRM",
{ "url": "http://www.egroupware.org/epl-changelog"
"name" : "http://www.egroupware.org/changelog", },
"refsource" : "CONFIRM", {
"url" : "http://www.egroupware.org/changelog" "name": "http://www.egroupware.org/changelog",
}, "refsource": "CONFIRM",
{ "url": "http://www.egroupware.org/changelog"
"name" : "http://www.egroupware.org/epl-changelog", },
"refsource" : "CONFIRM", {
"url" : "http://www.egroupware.org/epl-changelog" "name": "52770",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52770"
"name" : "52770", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52770" "name": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178",
} "refsource": "MISC",
] "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178"
} },
} {
"name": "[egroupware-german] 20110805 new EGroupware SECURITY & maintenance release 1.8.001.20110805",
"refsource": "MLIST",
"url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144"
},
{
"name": "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html"
},
{
"name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/1"
},
{
"name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/3"
}
]
}
}

150
2011/5xxx/CVE-2011-5033.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5033", "ID": "CVE-2011-5033",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18225", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18225" "lang": "eng",
}, "value": "Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file."
{ }
"name" : "http://forum.configserver.com/viewtopic.php?f=4&t=5008", ]
"refsource" : "CONFIRM", },
"url" : "http://forum.configserver.com/viewtopic.php?f=4&t=5008" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.configserver.com/free/csf/changelog.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.configserver.com/free/csf/changelog.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "csf-dacsf-bo(71758)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71758" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.configserver.com/free/csf/changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.configserver.com/free/csf/changelog.txt"
},
{
"name": "csf-dacsf-bo(71758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71758"
},
{
"name": "18225",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18225"
},
{
"name": "http://forum.configserver.com/viewtopic.php?f=4&t=5008",
"refsource": "CONFIRM",
"url": "http://forum.configserver.com/viewtopic.php?f=4&t=5008"
}
]
}
}

120
2014/2xxx/CVE-2014-2071.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2071", "ID": "CVE-2014-2071",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.arubanetworks.com/assets/alert/aid-050214.asc", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.arubanetworks.com/assets/alert/aid-050214.asc" "lang": "eng",
} "value": "Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.arubanetworks.com/assets/alert/aid-050214.asc",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/aid-050214.asc"
}
]
}
}

130
2014/2xxx/CVE-2014-2075.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2075", "ID": "CVE-2014-2075",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.tibco.com/mk/advisory.jsp", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.tibco.com/mk/advisory.jsp" "lang": "eng",
}, "value": "TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors."
{ }
"name" : "http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt"
}
]
}
}

150
2014/2xxx/CVE-2014-2791.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-2791", "ID": "CVE-2014-2791",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS14-037", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" "lang": "eng",
}, "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
{ }
"name" : "68376", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/68376" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030532", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030532" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "59775", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/59775" ]
} },
] "references": {
} "reference_data": [
} {
"name": "68376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68376"
},
{
"name": "MS14-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name": "59775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59775"
},
{
"name": "1030532",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030532"
}
]
}
}

160
2014/2xxx/CVE-2014-2826.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-2826", "ID": "CVE-2014-2826",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2827, and CVE-2014-4063."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS14-051", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2827, and CVE-2014-4063."
{ }
"name" : "69122", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/69122" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030715", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030715" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "60670", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/60670" ]
}, },
{ "references": {
"name" : "ms-ie-cve20142826-code-exec(94983)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94983" "name": "ms-ie-cve20142826-code-exec(94983)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94983"
} },
} {
"name": "1030715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030715"
},
{
"name": "MS14-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name": "60670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60670"
},
{
"name": "69122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69122"
}
]
}
}

160
2014/3xxx/CVE-2014-3037.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-3037", "ID": "CVE-2014-3037",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682120", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682120" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
{ }
"name" : "69658", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/69658" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "60649", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60649" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "61071", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/61071" ]
}, },
{ "references": {
"name" : "ibm-vvc-cve20143037-csrf(93303)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93303" "name": "ibm-vvc-cve20143037-csrf(93303)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93303"
} },
} {
"name": "69658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69658"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682120",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682120"
},
{
"name": "61071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61071"
},
{
"name": "60649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60649"
}
]
}
}

34
2014/3xxx/CVE-2014-3112.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3112", "ID": "CVE-2014-3112",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/3xxx/CVE-2014-3244.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3244", "ID": "CVE-2014-3244",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140618 [CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2014/Jun/92" "lang": "eng",
}, "value": "XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request."
{ }
"name" : "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294", ]
"refsource" : "MISC", },
"url" : "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "68102", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68102" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "68102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68102"
},
{
"name": "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294",
"refsource": "MISC",
"url": "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294"
},
{
"name": "20140618 [CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/92"
}
]
}
}

120
2014/3xxx/CVE-2014-3459.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3459", "ID": "CVE-2014-3459",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://zerodayinitiative.com/advisories/ZDI-14-133/", "description_data": [
"refsource" : "MISC", {
"url" : "http://zerodayinitiative.com/advisories/ZDI-14-133/" "lang": "eng",
} "value": "Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-133/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-133/"
}
]
}
}

160
2014/3xxx/CVE-2014-3595.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3595", "ID": "CVE-2014-3595",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "RHSA-2014:1184", "description_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1184.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging."
{ }
"name" : "SUSE-SU-2014:1218", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2014:1339", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "61115", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/61115" ]
}, },
{ "references": {
"name" : "62027", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62027" "name": "62027",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/62027"
} },
} {
"name": "RHSA-2014:1184",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1184.html"
},
{
"name": "SUSE-SU-2014:1218",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html"
},
{
"name": "SUSE-SU-2014:1339",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html"
},
{
"name": "61115",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61115"
}
]
}
}

150
2014/6xxx/CVE-2014-6029.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6029", "ID": "CVE-2014-6029",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140829 RE: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/08/29/5" "lang": "eng",
}, "value": "TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php."
{ }
"name" : "[oss-security] 20140902 Re: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/09/02/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573", "description": [
"refsource" : "MISC", {
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030791", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030791" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573"
},
{
"name": "[oss-security] 20140829 RE: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/29/5"
},
{
"name": "1030791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030791"
},
{
"name": "[oss-security] 20140902 Re: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/02/3"
}
]
}
}

130
2014/6xxx/CVE-2014-6258.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6258", "ID": "CVE-2014-6258",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" "lang": "eng",
}, "value": "An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411."
{ }
"name" : "VU#449452", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/449452" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#449452",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/449452"
},
{
"name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing",
"refsource": "CONFIRM",
"url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6541.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-6541", "ID": "CVE-2014-6541",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR."
{ }
"name" : "72158", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/72158" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031572", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031572" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "72158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72158"
},
{
"name": "1031572",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031572"
}
]
}
}

140
2014/6xxx/CVE-2014-6928.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6928", "ID": "CVE-2014-6928",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#943121", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/943121" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#943121",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/943121"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

230
2014/7xxx/CVE-2014-7155.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7155", "ID": "CVE-2014-7155",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://xenbits.xen.org/xsa/advisory-105.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://xenbits.xen.org/xsa/advisory-105.html" "lang": "eng",
}, "value": "The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction."
{ }
"name" : "http://support.citrix.com/article/CTX200218", ]
"refsource" : "CONFIRM", },
"url" : "http://support.citrix.com/article/CTX200218" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3041", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3041" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2014-12000", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html" ]
}, },
{ "references": {
"name" : "FEDORA-2014-12036", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html" "name": "openSUSE-SU-2014:1281",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
"name" : "GLSA-201412-42", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201412-42.xml" "name": "FEDORA-2014-12000",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html"
"name" : "openSUSE-SU-2014:1279", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" "name": "openSUSE-SU-2014:1279",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
"name" : "openSUSE-SU-2014:1281", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" "name": "http://xenbits.xen.org/xsa/advisory-105.html",
}, "refsource": "CONFIRM",
{ "url": "http://xenbits.xen.org/xsa/advisory-105.html"
"name" : "70057", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70057" "name": "http://support.citrix.com/article/CTX200218",
}, "refsource": "CONFIRM",
{ "url": "http://support.citrix.com/article/CTX200218"
"name" : "1030888", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030888" "name": "1030888",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1030888"
"name" : "61858", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61858" "name": "FEDORA-2014-12036",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html"
"name" : "61890", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61890" "name": "DSA-3041",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2014/dsa-3041"
} },
} {
"name": "61858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61858"
},
{
"name": "61890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61890"
},
{
"name": "GLSA-201412-42",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-42.xml"
},
{
"name": "70057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70057"
}
]
}
}

140
2014/7xxx/CVE-2014-7484.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7484", "ID": "CVE-2014-7484",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#608369", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/608369" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#608369",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/608369"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7487.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7487", "ID": "CVE-2014-7487",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#739137", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/739137" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#739137",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/739137"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7609.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7609", "ID": "CVE-2014-7609",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#577217", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/577217" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#577217",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/577217"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2016/2xxx/CVE-2016-2144.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2144", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2144",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0284. Reason: This candidate is a reservation duplicate of CVE-2015-0284. Notes: All CVE users should reference CVE-2015-0284 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0284. Reason: This candidate is a reservation duplicate of CVE-2015-0284. Notes: All CVE users should reference CVE-2015-0284 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

200
2016/2xxx/CVE-2016-2856.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2856", "ID": "CVE-2016-2856",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160223 Access to /dev/pts devices via pt_chown and user namespaces", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/02/23/3" "lang": "eng",
}, "value": "pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option."
{ }
"name" : "[oss-security] 20160306 Re: Access to /dev/pts devices via pt_chown and user namespaces", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/03/07/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/", "description": [
"refsource" : "MISC", {
"url" : "http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403", ]
"refsource" : "CONFIRM", }
"url" : "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403" ]
}, },
{ "references": {
"name" : "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958" "name": "http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/",
}, "refsource": "MISC",
{ "url": "http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/"
"name" : "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html", },
"refsource" : "CONFIRM", {
"url" : "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html" "name": "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958",
}, "refsource": "CONFIRM",
{ "url": "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958"
"name" : "USN-2985-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2985-1" "name": "[oss-security] 20160306 Re: Access to /dev/pts devices via pt_chown and user namespaces",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/03/07/2"
"name" : "USN-2985-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2985-2" "name": "84601",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/84601"
"name" : "84601", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/84601" "name": "USN-2985-2",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2985-2"
} },
} {
"name": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html",
"refsource": "CONFIRM",
"url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html"
},
{
"name": "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403"
},
{
"name": "[oss-security] 20160223 Access to /dev/pts devices via pt_chown and user namespaces",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/23/3"
},
{
"name": "USN-2985-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2985-1"
}
]
}
}

140
2017/0xxx/CVE-2017-0012.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0012", "ID": "CVE-2017-0012",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Browsers", "product_name": "Browsers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Internet Explorer 11 and Microsoft Edge" "version_value": "Internet Explorer 11 and Microsoft Edge"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka \"Microsoft Browser Spoofing Vulnerability.\" This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Spoofing"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012" "lang": "eng",
}, "value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka \"Microsoft Browser Spoofing Vulnerability.\" This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069."
{ }
"name" : "96085", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96085" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038006", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038006" "lang": "eng",
} "value": "Spoofing"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012"
},
{
"name": "96085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96085"
}
]
}
}

34
2017/18xxx/CVE-2017-18173.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18173", "ID": "CVE-2017-18173",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

154
2017/1xxx/CVE-2017-1152.json
View File

@ -1,79 +1,79 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2017-1152", "ID": "CVE-2017-1152",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Financial Transaction Manager", "product_name": "Financial Transaction Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.0.1" "version_value": "3.0.1"
}, },
{ {
"version_value" : "3.0.1.0" "version_value": "3.0.1.0"
}, },
{ {
"version_value" : "3.0.2" "version_value": "3.0.2"
}, },
{ {
"version_value" : "3.0.2.0" "version_value": "3.0.2.0"
}, },
{ {
"version_value" : "3.0.2.1" "version_value": "3.0.2.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22001551", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22001551" "lang": "eng",
}, "value": "IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293."
{ }
"name" : "99237", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99237" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001551",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001551"
},
{
"name": "99237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99237"
}
]
}
}

34
2017/1xxx/CVE-2017-1206.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1206", "ID": "CVE-2017-1206",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/1xxx/CVE-2017-1408.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1408", "ID": "CVE-2017-1408",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

216
2017/1xxx/CVE-2017-1418.json
View File

@ -1,110 +1,110 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-11-20T00:00:00", "DATE_PUBLIC": "2018-11-20T00:00:00",
"ID" : "CVE-2017-1418", "ID": "CVE-2017-1418",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Integration Bus", "product_name": "Integration Bus",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.0.0" "version_value": "9.0.0.0"
}, },
{ {
"version_value" : "10.0.0.14" "version_value": "10.0.0.14"
}, },
{ {
"version_value" : "9.0.0.11" "version_value": "9.0.0.11"
}, },
{ {
"version_value" : "10.0.0.0" "version_value": "10.0.0.0"
} }
] ]
} }
}, },
{ {
"product_name" : "WebSphere Message Broker", "product_name": "WebSphere Message Broker",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.0.0.0" "version_value": "8.0.0.0"
}, },
{ {
"version_value" : "8.0.0.9" "version_value": "8.0.0.9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "L",
"C" : "N",
"I" : "L",
"PR" : "N",
"S" : "U",
"SCORE" : "4.000",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "File Manipulation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10735181", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10735181" "lang": "eng",
}, "value": "IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406."
{ }
"name" : "ibm-ibus-cve20171418-file-access(127406)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "L",
"AV": "L",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"SCORE": "4.000",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-ibus-cve20171418-file-access(127406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10735181",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10735181"
}
]
}
}

34
2017/1xxx/CVE-2017-1852.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1852", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1852",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/1xxx/CVE-2017-1952.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1952", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1952",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

130
2017/5xxx/CVE-2017-5198.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5198", "ID": "CVE-2017-5198",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.0xlabs.com/2017/03/solarwinds-lem-ssh-jailbreak-and.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.0xlabs.com/2017/03/solarwinds-lem-ssh-jailbreak-and.html" "lang": "eng",
}, "value": "SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh."
{ }
"name" : "97094", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97094" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.0xlabs.com/2017/03/solarwinds-lem-ssh-jailbreak-and.html",
"refsource": "MISC",
"url": "http://blog.0xlabs.com/2017/03/solarwinds-lem-ssh-jailbreak-and.html"
},
{
"name": "97094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97094"
}
]
}
}

170
2017/5xxx/CVE-2017-5202.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5202", "ID": "CVE-2017-5202",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" "lang": "eng",
}, "value": "The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print()."
{ }
"name" : "DSA-3775", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3775" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201702-30", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201702-30" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2017:1871", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2017:1871" ]
}, },
{ "references": {
"name" : "95852", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95852" "name": "1037755",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1037755"
"name" : "1037755", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037755" "name": "DSA-3775",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3775"
} },
} {
"name": "RHSA-2017:1871",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource": "CONFIRM",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name": "95852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95852"
},
{
"name": "GLSA-201702-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-30"
}
]
}
}

150
2017/5xxx/CVE-2017-5496.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5496", "ID": "CVE-2017-5496",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41395", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41395/" "lang": "eng",
}, "value": "Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash."
{ }
"name" : "20170221 Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2017/Feb/46" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt", "description": [
"refsource" : "MISC", {
"url" : "http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/141177/Sawmill-Enterprise-8.7.9-Authentication-Bypass.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/141177/Sawmill-Enterprise-8.7.9-Authentication-Bypass.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "41395",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41395/"
},
{
"name": "http://packetstormsecurity.com/files/141177/Sawmill-Enterprise-8.7.9-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/141177/Sawmill-Enterprise-8.7.9-Authentication-Bypass.html"
},
{
"name": "20170221 Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Feb/46"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt"
}
]
}
}

34
2017/5xxx/CVE-2017-5514.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5514", "ID": "CVE-2017-5514",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/5xxx/CVE-2017-5519.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5519", "ID": "CVE-2017-5519",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/semplon/GeniXCMS/issues/67", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/semplon/GeniXCMS/issues/67" "lang": "eng",
}, "value": "SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "95458", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95458" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95458"
},
{
"name": "https://github.com/semplon/GeniXCMS/issues/67",
"refsource": "CONFIRM",
"url": "https://github.com/semplon/GeniXCMS/issues/67"
}
]
}
}

120
2017/5xxx/CVE-2017-5624.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5624", "ID": "CVE-2017-5624",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will not verify the system partition (and any other dm-verity protected partition), which may allow for persistent code execution and privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/", "description_data": [
"refsource" : "MISC", {
"url" : "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/" "lang": "eng",
} "value": "An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will not verify the system partition (and any other dm-verity protected partition), which may allow for persistent code execution and privilege escalation."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/",
"refsource": "MISC",
"url": "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/"
}
]
}
}