admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:35:33 +00:00
parent bb691cc5dc
commit 617647373e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4155 additions and 4155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

328
2006/0xxx/CVE-2006-0039.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0039",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-0039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=133465",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=133465"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13",
"refsource" : "MISC",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm"
},
{
"name" : "DSA-1097",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1097"
},
{
"name" : "DSA-1103",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1103"
},
{
"name" : "RHSA-2006:0689",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0689.html"
},
{
"name" : "USN-311-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-311-1"
},
{
"name" : "18113",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18113"
},
{
"name" : "oval:org.mitre.oval:def:10309",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10309"
},
{
"name" : "ADV-2006-1893",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1893"
},
{
"name" : "ADV-2006-2554",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name" : "25697",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25697"
},
{
"name" : "20185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20185"
},
{
"name" : "20671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20671"
},
{
"name" : "20914",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20914"
},
{
"name" : "20991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20991"
},
{
"name" : "22292",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22292"
},
{
"name" : "22945",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22945"
},
{
"name" : "21476",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21476"
},
{
"name" : "linux-doaddcounters-race-condition(26583)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26583"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13",
"refsource": "MISC",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13"
},
{
"name": "ADV-2006-1893",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1893"
},
{
"name": "21476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21476"
},
{
"name": "linux-doaddcounters-race-condition(26583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26583"
},
{
"name": "22292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22292"
},
{
"name": "RHSA-2006:0689",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0689.html"
},
{
"name": "oval:org.mitre.oval:def:10309",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10309"
},
{
"name": "DSA-1097",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1097"
},
{
"name": "20185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20185"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17"
},
{
"name": "USN-311-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-311-1"
},
{
"name": "DSA-1103",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1103"
},
{
"name": "25697",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25697"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698"
},
{
"name": "22945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22945"
},
{
"name": "20991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20991"
},
{
"name": "20671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20671"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=133465",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=133465"
},
{
"name": "18113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18113"
},
{
"name": "20914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20914"
}
]
}
}

208
2006/0xxx/CVE-2006-0492.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0492",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060201 [eVuln] Calendarix SQL Injection & Authorization Bypass Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423656/100/0/threaded"
},
{
"name" : "http://www.evuln.com/vulns/52/summary.html",
"refsource" : "MISC",
"url" : "http://www.evuln.com/vulns/52/summary.html"
},
{
"name" : "16456",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16456"
},
{
"name" : "ADV-2006-0365",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0365"
},
{
"name" : "22810",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22810"
},
{
"name" : "22811",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22811"
},
{
"name" : "1015560",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015560"
},
{
"name" : "18667",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18667"
},
{
"name" : "394",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/394"
},
{
"name" : "calendarix-multiple-sql-injection(24332)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24332"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22811",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22811"
},
{
"name": "calendarix-multiple-sql-injection(24332)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24332"
},
{
"name": "394",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/394"
},
{
"name": "http://www.evuln.com/vulns/52/summary.html",
"refsource": "MISC",
"url": "http://www.evuln.com/vulns/52/summary.html"
},
{
"name": "1015560",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015560"
},
{
"name": "20060201 [eVuln] Calendarix SQL Injection & Authorization Bypass Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423656/100/0/threaded"
},
{
"name": "18667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18667"
},
{
"name": "16456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16456"
},
{
"name": "ADV-2006-0365",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0365"
},
{
"name": "22810",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22810"
}
]
}
}

198
2006/0xxx/CVE-2006-0679.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425173/100/0/threaded"
},
{
"name" : "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0358.html"
},
{
"name" : "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module",
"refsource" : "SREASONRES",
"url" : "http://securityreason.com/achievement_securityalert/32"
},
{
"name" : "16691",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16691"
},
{
"name" : "ADV-2006-0636",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0636"
},
{
"name" : "23259",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23259"
},
{
"name" : "18931",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18931"
},
{
"name" : "440",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/440"
},
{
"name" : "phpnuke-youraccount-sql-injection(24769)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24769"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0358.html"
},
{
"name": "phpnuke-youraccount-sql-injection(24769)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24769"
},
{
"name": "18931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18931"
},
{
"name": "23259",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23259"
},
{
"name": "16691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16691"
},
{
"name": "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425173/100/0/threaded"
},
{
"name": "20060216 Critical SQL Injection PHPNuke <= 7.8 - Your_Account module",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/32"
},
{
"name": "440",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/440"
},
{
"name": "ADV-2006-0636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0636"
}
]
}
}

148
2006/0xxx/CVE-2006-0786.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0786",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for \"http://\", \"ftp://\", and \"https://\" URLs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060216 PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425196/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html"
},
{
"name" : "1015640",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015640"
},
{
"name" : "445",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/445"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for \"http://\", \"ftp://\", and \"https://\" URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015640",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015640"
},
{
"name": "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html"
},
{
"name": "445",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/445"
},
{
"name": "20060216 PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425196/100/0/threaded"
}
]
}
}

158
2006/0xxx/CVE-2006-0919.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060223 HYSA-2006-003 Oi! Email Marketing 3.0 SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425924/100/0/threaded"
},
{
"name" : "http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt",
"refsource" : "MISC",
"url" : "http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt"
},
{
"name" : "ADV-2006-0718",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0718"
},
{
"name" : "23462",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23462"
},
{
"name" : "18993",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18993"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23462",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23462"
},
{
"name": "http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt",
"refsource": "MISC",
"url": "http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt"
},
{
"name": "20060223 HYSA-2006-003 Oi! Email Marketing 3.0 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425924/100/0/threaded"
},
{
"name": "18993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18993"
},
{
"name": "ADV-2006-0718",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0718"
}
]
}
}

198
2006/1xxx/CVE-2006-1547.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1547",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html",
"refsource" : "CONFIRM",
"url" : "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html"
},
{
"name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=38534",
"refsource" : "CONFIRM",
"url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=38534"
},
{
"name" : "SUSE-SR:2006:010",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name" : "17342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17342"
},
{
"name" : "ADV-2006-1205",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1205"
},
{
"name" : "1015856",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015856"
},
{
"name" : "19493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19493"
},
{
"name" : "20117",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20117"
},
{
"name" : "struts-actionform-dos(25613)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25613"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015856",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015856"
},
{
"name": "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html",
"refsource": "CONFIRM",
"url": "http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html"
},
{
"name": "ADV-2006-1205",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1205"
},
{
"name": "17342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17342"
},
{
"name": "19493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19493"
},
{
"name": "struts-actionform-dos(25613)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25613"
},
{
"name": "SUSE-SR:2006:010",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20117"
},
{
"name": "http://issues.apache.org/bugzilla/show_bug.cgi?id=38534",
"refsource": "CONFIRM",
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=38534"
}
]
}
}

208
2006/3xxx/CVE-2006-3119.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-3119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-1124",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1124"
},
{
"name" : "GLSA-200608-22",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-22.xml"
},
{
"name" : "SUSE-SR:2006:019",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name" : "19131",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19131"
},
{
"name" : "ADV-2006-2982",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2982"
},
{
"name" : "21169",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21169"
},
{
"name" : "21191",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21191"
},
{
"name" : "21599",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21599"
},
{
"name" : "21459",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21459"
},
{
"name" : "fbida-fbgs-typo-security-bypass(28038)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28038"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200608-22",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-22.xml"
},
{
"name": "19131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19131"
},
{
"name": "ADV-2006-2982",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2982"
},
{
"name": "21599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21599"
},
{
"name": "21459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "fbida-fbgs-typo-security-bypass(28038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28038"
},
{
"name": "DSA-1124",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1124"
},
{
"name": "21169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21169"
},
{
"name": "21191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21191"
}
]
}
}

32
2006/3xxx/CVE-2006-3447.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3447",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-3447",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

128
2006/3xxx/CVE-2006-3625.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3625",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060712 FLV Players Multiple Input Validation Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439886/100/0/threaded"
},
{
"name" : "flvplayer-player-path-disclosure(27726)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27726"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "flvplayer-player-path-disclosure(27726)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27726"
},
{
"name": "20060712 FLV Players Multiple Input Validation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439886/100/0/threaded"
}
]
}
}

32
2006/3xxx/CVE-2006-3891.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3891",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3891",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2006/4xxx/CVE-2006-4014.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4014",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) \"by sending invalid posts\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.07.27.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.07.27.html"
},
{
"name" : "19182",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19182"
},
{
"name" : "ADV-2006-3018",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3018"
},
{
"name" : "1016600",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016600"
},
{
"name" : "21223",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21223"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) \"by sending invalid posts\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016600",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016600"
},
{
"name": "19182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19182"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.07.27.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.07.27.html"
},
{
"name": "ADV-2006-3018",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3018"
},
{
"name": "21223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21223"
}
]
}
}

178
2006/4xxx/CVE-2006-4642.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AuditWizard 6.3.2, when using \"Remote Audit,\" logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060905 AuditWizard 6.3.2 gives away administrator password",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445220/100/0/threaded"
},
{
"name" : "19860",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19860"
},
{
"name" : "ADV-2006-3498",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3498"
},
{
"name" : "1016795",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016795"
},
{
"name" : "21773",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21773"
},
{
"name" : "1525",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1525"
},
{
"name" : "auditwizard-remoteaudit-password-disclosure(28743)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28743"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AuditWizard 6.3.2, when using \"Remote Audit,\" logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "auditwizard-remoteaudit-password-disclosure(28743)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28743"
},
{
"name": "20060905 AuditWizard 6.3.2 gives away administrator password",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445220/100/0/threaded"
},
{
"name": "21773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21773"
},
{
"name": "ADV-2006-3498",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3498"
},
{
"name": "1525",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1525"
},
{
"name": "1016795",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016795"
},
{
"name": "19860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19860"
}
]
}
}

288
2010/2xxx/CVE-2010-2226.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "[oss-security] 20100617 CVE request - kernel: xfs swapext ioctl issue",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127677135609357&w=2"
},
{
"name" : "[oss-security] 20100618 Re: CVE request - kernel: xfs swapext ioctl issue",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127687486331790&w=2"
},
{
"name" : "[xfs] 20100616 Re: [Security] XFS swapext ioctl minor security issues",
"refsource" : "MLIST",
"url" : "http://archives.free.net.ph/message/20100616.130710.301704aa.en.html"
},
{
"name" : "[xfs] 20100616 Re: [Security] XFS swapext ioctl minor security issues",
"refsource" : "MLIST",
"url" : "http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1817176a86352f65210139d4c794ad2d19fc6b63",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1817176a86352f65210139d4c794ad2d19fc6b63"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=605158",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=605158"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "DSA-2094",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2094"
},
{
"name" : "MDVSA-2010:198",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name" : "RHSA-2010:0610",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0610.html"
},
{
"name" : "SUSE-SA:2010:060",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
},
{
"name" : "SUSE-SA:2011:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name" : "USN-1000-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name" : "40920",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40920"
},
{
"name" : "43315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43315"
},
{
"name" : "ADV-2011-0298",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0298"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0610",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html"
},
{
"name": "[xfs] 20100616 Re: [Security] XFS swapext ioctl minor security issues",
"refsource": "MLIST",
"url": "http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1817176a86352f65210139d4c794ad2d19fc6b63",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1817176a86352f65210139d4c794ad2d19fc6b63"
},
{
"name": "USN-1000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name": "[oss-security] 20100618 Re: CVE request - kernel: xfs swapext ioctl issue",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127687486331790&w=2"
},
{
"name": "MDVSA-2010:198",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=605158",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=605158"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
},
{
"name": "SUSE-SA:2011:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name": "SUSE-SA:2010:060",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
},
{
"name": "ADV-2011-0298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name": "[oss-security] 20100617 CVE request - kernel: xfs swapext ioctl issue",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127677135609357&w=2"
},
{
"name": "43315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43315"
},
{
"name": "[xfs] 20100616 Re: [Security] XFS swapext ioctl minor security issues",
"refsource": "MLIST",
"url": "http://archives.free.net.ph/message/20100616.130710.301704aa.en.html"
},
{
"name": "DSA-2094",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2094"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "40920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40920"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}

228
2010/2xxx/CVE-2010-2242.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://libvirt.org/news.html",
"refsource" : "CONFIRM",
"url" : "http://libvirt.org/news.html"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=602455",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=602455"
},
{
"name" : "FEDORA-2010-10960",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name" : "FEDORA-2010-11021",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"name" : "RHSA-2010:0615",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "USN-1008-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1008-1"
},
{
"name" : "USN-1008-2",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1008-2"
},
{
"name" : "USN-1008-3",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1008-3"
},
{
"name" : "ADV-2010-2062",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2062"
},
{
"name" : "ADV-2010-2763",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2763"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2062",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2062"
},
{
"name": "http://libvirt.org/news.html",
"refsource": "CONFIRM",
"url": "http://libvirt.org/news.html"
},
{
"name": "FEDORA-2010-10960",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name": "USN-1008-2",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"name": "FEDORA-2010-11021",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"name": "RHSA-2010:0615",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943"
},
{
"name": "USN-1008-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=602455",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602455"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"name": "ADV-2010-2763",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
]
}
}

218
2010/2xxx/CVE-2010-2431.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2431",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cups.org/articles.php?L596",
"refsource" : "CONFIRM",
"url" : "http://cups.org/articles.php?L596"
},
{
"name" : "http://cups.org/str.php?L3510",
"refsource" : "CONFIRM",
"url" : "http://cups.org/str.php?L3510"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=605397",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=605397"
},
{
"name" : "DSA-2176",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2176"
},
{
"name" : "GLSA-201207-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201207-10.xml"
},
{
"name" : "MDVSA-2010:232",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:232"
},
{
"name" : "MDVSA-2010:234",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:234"
},
{
"name" : "RHSA-2010:0811",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2010-0811.html"
},
{
"name" : "43521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43521"
},
{
"name" : "ADV-2010-2856",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2856"
},
{
"name" : "ADV-2011-0535",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0535"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2010:234",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:234"
},
{
"name": "RHSA-2010:0811",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2010-0811.html"
},
{
"name": "http://cups.org/articles.php?L596",
"refsource": "CONFIRM",
"url": "http://cups.org/articles.php?L596"
},
{
"name": "MDVSA-2010:232",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:232"
},
{
"name": "ADV-2010-2856",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2856"
},
{
"name": "DSA-2176",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2176"
},
{
"name": "GLSA-201207-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201207-10.xml"
},
{
"name": "ADV-2011-0535",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0535"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=605397",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=605397"
},
{
"name": "43521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43521"
},
{
"name": "http://cups.org/str.php?L3510",
"refsource": "CONFIRM",
"url": "http://cups.org/str.php?L3510"
}
]
}
}

178
2010/2xxx/CVE-2010-2721.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14244",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14244"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/lyrics-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/lyrics-sql.txt"
},
{
"name" : "41394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41394"
},
{
"name" : "66033",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66033"
},
{
"name" : "40438",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40438"
},
{
"name" : "ADV-2010-1741",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1741"
},
{
"name" : "lyricsv3engine-index-sql-injection(60118)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60118"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1741",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1741"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/lyrics-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/lyrics-sql.txt"
},
{
"name": "40438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40438"
},
{
"name": "lyricsv3engine-index-sql-injection(60118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60118"
},
{
"name": "14244",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14244"
},
{
"name": "66033",
"refsource": "OSVDB",
"url": "http://osvdb.org/66033"
},
{
"name": "41394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41394"
}
]
}
}

138
2010/3xxx/CVE-2010-3197.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"name" : "IC67819",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819"
},
{
"name" : "oval:org.mitre.oval:def:14430",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14430",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14430"
},
{
"name": "IC67819",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
}
]
}
}

158
2010/3xxx/CVE-2010-3473.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm",
"refsource" : "CONFIRM",
"url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm"
},
{
"name" : "PJ37180",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37180"
},
{
"name" : "43272",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43272"
},
{
"name" : "41458",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41458"
},
{
"name" : "ADV-2010-2419",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2419"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm",
"refsource": "CONFIRM",
"url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm"
},
{
"name": "PJ37180",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37180"
},
{
"name": "43272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43272"
},
{
"name": "41458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41458"
},
{
"name": "ADV-2010-2419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2419"
}
]
}
}

168
2010/3xxx/CVE-2010-3510.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "45847",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45847"
},
{
"name" : "1024981",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024981"
},
{
"name" : "42975",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42975"
},
{
"name" : "ADV-2011-0143",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0143"
},
{
"name" : "weblogic-node-manager-code-exec(64765)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64765"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Node Manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0143",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0143"
},
{
"name": "45847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45847"
},
{
"name": "weblogic-node-manager-code-exec(64765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64765"
},
{
"name": "1024981",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024981"
},
{
"name": "42975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42975"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
}
]
}
}

198
2010/3xxx/CVE-2010-3600.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-018/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-018/"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "45883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45883"
},
{
"name" : "1024972",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024972"
},
{
"name" : "42895",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42895"
},
{
"name" : "42921",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42921"
},
{
"name" : "ADV-2011-0139",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0139"
},
{
"name" : "ADV-2011-0140",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0140"
},
{
"name" : "oracle-db-gridcontrol-unspecified(64755)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64755"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0139",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0139"
},
{
"name": "1024972",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024972"
},
{
"name": "45883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45883"
},
{
"name": "42895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42895"
},
{
"name": "oracle-db-gridcontrol-unspecified(64755)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64755"
},
{
"name": "42921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42921"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-018/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-018/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "ADV-2011-0140",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0140"
}
]
}
}

32
2010/3xxx/CVE-2010-3844.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3844",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3844",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2010/3xxx/CVE-2010-3923.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2010-3923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://homepage2.nifty.com/hibara/software/atcs.htm",
"refsource" : "CONFIRM",
"url" : "http://homepage2.nifty.com/hibara/software/atcs.htm"
},
{
"name" : "JVN#02175694",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN02175694/index.html"
},
{
"name" : "JVNDB-2010-000066",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000066.html"
},
{
"name" : "42672",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42672"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42672"
},
{
"name": "http://homepage2.nifty.com/hibara/software/atcs.htm",
"refsource": "CONFIRM",
"url": "http://homepage2.nifty.com/hibara/software/atcs.htm"
},
{
"name": "JVNDB-2010-000066",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000066.html"
},
{
"name": "JVN#02175694",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN02175694/index.html"
}
]
}
}

32
2011/1xxx/CVE-2011-1369.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1369",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1369",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2011/1xxx/CVE-2011-1564.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1564",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17025",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17025"
},
{
"name" : "http://aluigi.org/adv/realwin_6-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/realwin_6-adv.txt"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf"
},
{
"name" : "46937",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46937"
},
{
"name" : "43848",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43848"
},
{
"name" : "8177",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8177"
},
{
"name" : "ADV-2011-0742",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0742"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46937"
},
{
"name": "8177",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8177"
},
{
"name": "http://aluigi.org/adv/realwin_6-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/realwin_6-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf"
},
{
"name": "17025",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17025"
},
{
"name": "43848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43848"
},
{
"name": "ADV-2011-0742",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0742"
}
]
}
}

148
2011/5xxx/CVE-2011-5037.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5037",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html"
},
{
"name" : "http://www.nruns.com/_downloads/advisory28122011.pdf",
"refsource" : "MISC",
"url" : "http://www.nruns.com/_downloads/advisory28122011.pdf"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2011-003.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2011-003.html"
},
{
"name" : "VU#903934",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/903934"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nruns.com/_downloads/advisory28122011.pdf",
"refsource": "MISC",
"url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
},
{
"name": "VU#903934",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/903934"
},
{
"name": "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2011-003.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2011-003.html"
}
]
}
}

168
2011/5xxx/CVE-2011-5279.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5279",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \\n (newline) character in an HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140410 Re: iis cgi 0day",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/128"
},
{
"name" : "20120401 FW: iis bug",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2012/Apr/0"
},
{
"name" : "20120402 Re: iis bug",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2012/Apr/13"
},
{
"name" : "20140409 iis cgi 0day",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/108"
},
{
"name" : "20140419 Re: iis cgi 0day",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/247"
},
{
"name" : "http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e",
"refsource" : "MISC",
"url" : "http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \\n (newline) character in an HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140419 Re: iis cgi 0day",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/247"
},
{
"name": "20140410 Re: iis cgi 0day",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/128"
},
{
"name": "20120401 FW: iis bug",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Apr/0"
},
{
"name": "20140409 iis cgi 0day",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/108"
},
{
"name": "http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e",
"refsource": "MISC",
"url": "http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e"
},
{
"name": "20120402 Re: iis bug",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Apr/13"
}
]
}
}

138
2014/3xxx/CVE-2014-3013.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3013",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675415",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675415"
},
{
"name" : "59259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59259"
},
{
"name" : "ibm-curan-cve20143013-xss(93011)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93011"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675415",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675415"
},
{
"name": "59259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59259"
},
{
"name": "ibm-curan-cve20143013-xss(93011)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93011"
}
]
}
}

32
2014/3xxx/CVE-2014-3495.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3495",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3495",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/3xxx/CVE-2014-3648.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3648",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3648",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2014/7xxx/CVE-2014-7067.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#959489",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/959489"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#959489",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/959489"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

158
2014/7xxx/CVE-2014-7274.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name" : "http://pyropus.ca/software/getmail/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "http://pyropus.ca/software/getmail/CHANGELOG"
},
{
"name" : "DSA-3091",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3091"
},
{
"name" : "openSUSE-SU-2014:1315",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name" : "61229",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61229"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
},
{
"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/10/07/33"
},
{
"name": "DSA-3091",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3091"
},
{
"name": "61229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61229"
},
{
"name": "http://pyropus.ca/software/getmail/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://pyropus.ca/software/getmail/CHANGELOG"
}
]
}
}

138
2014/7xxx/CVE-2014-7428.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7428",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#808569",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/808569"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#808569",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/808569"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/7xxx/CVE-2014-7497.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7497",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Portfolium (aka com.wPortfolium) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#588305",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/588305"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Portfolium (aka com.wPortfolium) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#588305",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/588305"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/7xxx/CVE-2014-7800.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#284089",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/284089"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#284089",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/284089"
}
]
}
}

168
2014/8xxx/CVE-2014-8078.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://drupal.org/node/2231671",
"refsource" : "MISC",
"url" : "https://drupal.org/node/2231671"
},
{
"name" : "https://www.drupal.org/node/2231191",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2231191"
},
{
"name" : "https://www.drupal.org/node/2231197",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2231197"
},
{
"name" : "https://www.drupal.org/node/2231199",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2231199"
},
{
"name" : "57402",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57402"
},
{
"name" : "print-drupal-node-xss(92349)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92349"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2231191",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2231191"
},
{
"name": "57402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57402"
},
{
"name": "https://www.drupal.org/node/2231197",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2231197"
},
{
"name": "https://drupal.org/node/2231671",
"refsource": "MISC",
"url": "https://drupal.org/node/2231671"
},
{
"name": "https://www.drupal.org/node/2231199",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2231199"
},
{
"name": "print-drupal-node-xss(92349)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92349"
}
]
}
}

32
2014/8xxx/CVE-2014-8228.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8228",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8228",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

32
2014/8xxx/CVE-2014-8410.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8410",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8410",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2014/8xxx/CVE-2014-8667.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource" : "MISC",
"url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name" : "http://service.sap.com/sap/support/notes/0002069676",
"refsource" : "MISC",
"url" : "http://service.sap.com/sap/support/notes/0002069676"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.sap.com/sap/support/notes/0002069676",
"refsource": "MISC",
"url": "http://service.sap.com/sap/support/notes/0002069676"
},
{
"name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
}
]
}
}

148
2014/8xxx/CVE-2014-8837.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-8837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/HT204244",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204244"
},
{
"name" : "APPLE-SA-2015-01-27-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name" : "1031650",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031650"
},
{
"name" : "macosx-cve20148837-priv-esc(100491)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100491"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "macosx-cve20148837-priv-esc(100491)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100491"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}

138
2014/9xxx/CVE-2014-9022.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the \"disabled\" restriction and modify read-only components via a crafted form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2373973",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2373973"
},
{
"name" : "https://www.drupal.org/node/2373471",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2373471"
},
{
"name" : "https://www.drupal.org/node/2373473",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2373473"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the \"disabled\" restriction and modify read-only components via a crafted form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2373471",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2373471"
},
{
"name": "https://www.drupal.org/node/2373473",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2373473"
},
{
"name": "https://www.drupal.org/node/2373973",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2373973"
}
]
}
}

128
2014/9xxx/CVE-2014-9025.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2336357",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2336357"
},
{
"name" : "https://www.drupal.org/node/2336327",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2336327"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2336327",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2336327"
},
{
"name": "https://www.drupal.org/node/2336357",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2336357"
}
]
}
}

158
2016/2xxx/CVE-2016-2173.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1326205",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1326205"
},
{
"name" : "https://pivotal.io/security/cve-2016-2173",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2016-2173"
},
{
"name" : "FEDORA-2016-005ac9cfd5",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html"
},
{
"name" : "FEDORA-2016-6cf17ad0df",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html"
},
{
"name" : "FEDORA-2016-f099190fee",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-6cf17ad0df",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html"
},
{
"name": "FEDORA-2016-005ac9cfd5",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html"
},
{
"name": "https://pivotal.io/security/cve-2016-2173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-2173"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326205",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326205"
},
{
"name": "FEDORA-2016-f099190fee",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html"
}
]
}
}

328
2016/2xxx/CVE-2016-2176.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561"
},
{
"name" : "https://www.openssl.org/news/secadv/20160503.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
"refsource" : "CONFIRM",
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10160"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "https://support.apple.com/HT206903",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206903"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa123",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"name" : "https://www.tenable.com/security/tns-2016-18",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-18"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20160504-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "APPLE-SA-2016-07-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name" : "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"name" : "GLSA-201612-16",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-16"
},
{
"name" : "SSA:2016-124-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "89746",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/89746"
},
{
"name" : "1035721",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035721"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSA:2016-124-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us"
},
{
"name": "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561"
},
{
"name": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10160"
},
{
"name": "GLSA-201612-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "1035721",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "89746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89746"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "https://www.tenable.com/security/tns-2016-18",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160504-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "https://www.openssl.org/news/secadv/20160503.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa123",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa123"
}
]
}
}

118
2016/2xxx/CVE-2016-2287.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2287",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01"
}
]
}
}

218
2016/2xxx/CVE-2016-2560.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2560",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f"
},
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-11/",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-11/"
},
{
"name" : "DSA-3627",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3627"
},
{
"name" : "FEDORA-2016-65da02b95c",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html"
},
{
"name" : "FEDORA-2016-02ee5b4002",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html"
},
{
"name" : "openSUSE-SU-2016:0663",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html"
},
{
"name" : "openSUSE-SU-2016:0666",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-65da02b95c",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html"
},
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-11/",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-11/"
},
{
"name": "DSA-3627",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3627"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc"
},
{
"name": "FEDORA-2016-02ee5b4002",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32"
},
{
"name": "openSUSE-SU-2016:0666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078"
},
{
"name": "openSUSE-SU-2016:0663",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html"
}
]
}
}

32
2016/2xxx/CVE-2016-2708.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2708",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2708",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

118
2016/2xxx/CVE-2016-2787.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://puppet.com/security/cve/CVE-2016-2787",
"refsource" : "CONFIRM",
"url" : "https://puppet.com/security/cve/CVE-2016-2787"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2016-2787",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/CVE-2016-2787"
}
]
}
}

176
2016/6xxx/CVE-2016-6124.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6124",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Kenexa LMS on Cloud",
"version" : {
"version_data" : [
{
"version_value" : "13.0"
},
{
"version_value" : "13.1"
},
{
"version_value" : "13.2"
},
{
"version_value" : "13.2.2"
},
{
"version_value" : "13.2.3"
},
{
"version_value" : "13.2.4"
},
{
"version_value" : "14.0.0"
},
{
"version_value" : "14.1.0"
},
{
"version_value" : "14.2.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kenexa LMS on Cloud",
"version": {
"version_data": [
{
"version_value": "13.0"
},
{
"version_value": "13.1"
},
{
"version_value": "13.2"
},
{
"version_value": "13.2.2"
},
{
"version_value": "13.2.3"
},
{
"version_value": "13.2.4"
},
{
"version_value": "14.0.0"
},
{
"version_value": "14.1.0"
},
{
"version_value": "14.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21993982",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21993982"
},
{
"name" : "94306",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94306"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21993982",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993982"
},
{
"name": "94306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94306"
}
]
}
}

128
2016/6xxx/CVE-2016-6397.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6397",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IPICS 4.8(1) to 4.10(1)",
"version" : {
"version_data" : [
{
"version_value" : "Cisco IPICS 4.8(1) to 4.10(1)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IPICS 4.8(1) to 4.10(1)",
"version": {
"version_data": [
{
"version_value": "Cisco IPICS 4.8(1) to 4.10(1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics"
},
{
"name" : "93913",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93913"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics"
},
{
"name": "93913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93913"
}
]
}
}

138
2016/6xxx/CVE-2016-6424.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161005 Cisco ASA Software DHCP Relay Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-asa-dhcp"
},
{
"name" : "93408",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93408"
},
{
"name" : "1036961",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036961"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20161005 Cisco ASA Software DHCP Relay Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-asa-dhcp"
},
{
"name": "93408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93408"
},
{
"name": "1036961",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036961"
}
]
}
}

128
2016/6xxx/CVE-2016-6429.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IP Interoperability and Collaboration System 4.10(1)",
"version" : {
"version_data" : [
{
"version_value" : "Cisco IP Interoperability and Collaboration System 4.10(1)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releases: 4.10(1)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IP Interoperability and Collaboration System 4.10(1)",
"version": {
"version_data": [
{
"version_value": "Cisco IP Interoperability and Collaboration System 4.10(1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1"
},
{
"name" : "93915",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93915"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releases: 4.10(1)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1"
},
{
"name": "93915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93915"
}
]
}
}

146
2017/18xxx/CVE-2017-18091.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-02-16T00:00:00",
"ID" : "CVE-2017-18091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Fisheye and Crucible",
"version" : {
"version_data" : [
{
"version_value" : "prior to 4.4.3"
},
{
"version_value" : "prior to 4.5.0"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-02-16T00:00:00",
"ID": "CVE-2017-18091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "prior to 4.4.3"
},
{
"version_value": "prior to 4.5.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/CRUC-8173",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/CRUC-8173"
},
{
"name" : "https://jira.atlassian.com/browse/FE-7006",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/FE-7006"
},
{
"name" : "103079",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103079"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/FE-7006",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/FE-7006"
},
{
"name": "https://jira.atlassian.com/browse/CRUC-8173",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/CRUC-8173"
},
{
"name": "103079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103079"
}
]
}
}

168
2017/5xxx/CVE-2017-5085.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 59 for iOS",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 59 for iOS"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 59 for iOS",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 59 for iOS"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/692378",
"refsource" : "MISC",
"url" : "https://crbug.com/692378"
},
{
"name" : "GLSA-201706-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-20"
},
{
"name" : "RHSA-2017:1399",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1399"
},
{
"name" : "98861",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98861"
},
{
"name" : "1038622",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038622"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98861"
},
{
"name": "RHSA-2017:1399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1399"
},
{
"name": "1038622",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038622"
},
{
"name": "https://crbug.com/692378",
"refsource": "MISC",
"url": "https://crbug.com/692378"
},
{
"name": "GLSA-201706-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-20"
},
{
"name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
}
]
}
}

168
2017/5xxx/CVE-2017-5133.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5133",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 62.0.3202.62",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 62.0.3202.62"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds read and write"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 62.0.3202.62",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 62.0.3202.62"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/762106",
"refsource" : "MISC",
"url" : "https://crbug.com/762106"
},
{
"name" : "DSA-4020",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4020"
},
{
"name" : "GLSA-201710-24",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-24"
},
{
"name" : "RHSA-2017:2997",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2997"
},
{
"name" : "101482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101482"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read and write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101482"
},
{
"name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/762106",
"refsource": "MISC",
"url": "https://crbug.com/762106"
},
{
"name": "DSA-4020",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4020"
},
{
"name": "RHSA-2017:2997",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2997"
},
{
"name": "GLSA-201710-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-24"
}
]
}
}

168
2017/5xxx/CVE-2017-5205.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource" : "CONFIRM",
"url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name" : "DSA-3775",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3775"
},
{
"name" : "GLSA-201702-30",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-30"
},
{
"name" : "RHSA-2017:1871",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name" : "95852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95852"
},
{
"name" : "1037755",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037755"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037755"
},
{
"name": "DSA-3775",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3775"
},
{
"name": "RHSA-2017:1871",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource": "CONFIRM",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name": "95852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95852"
},
{
"name": "GLSA-201702-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-30"
}
]
}
}

32
2017/5xxx/CVE-2017-5320.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5320",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5320",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/5xxx/CVE-2017-5587.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5587",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5587",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}