admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:02:09 +00:00
parent 876c845ce8
commit 660e14a62d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4547 additions and 4547 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2006/0xxx/CVE-2006-0510.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060130 Daffodil CRM - vulnerable to SQL-injection.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423718/100/0/threaded"
},
{
"name" : "16433",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16433"
},
{
"name" : "ADV-2006-0412",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0412"
},
{
"name" : "22879",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22879"
},
{
"name" : "18685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18685"
},
{
"name" : "daffodilcrm-userlogin-sql-injection(24450)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24450"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0412",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0412"
},
{
"name": "20060130 Daffodil CRM - vulnerable to SQL-injection.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423718/100/0/threaded"
},
{
"name": "daffodilcrm-userlogin-sql-injection(24450)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24450"
},
{
"name": "18685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18685"
},
{
"name": "16433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16433"
},
{
"name": "22879",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22879"
}
]
}
}

170
2006/0xxx/CVE-2006-0604.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060211 [eVuln] phphg Guestbook Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424740/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/58/description.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/58/description.html"
},
{
"name" : "16541",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16541"
},
{
"name" : "ADV-2006-0480",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0480"
},
{
"name" : "1015620",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015620"
},
{
"name" : "18758",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18758"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0480",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0480"
},
{
"name": "16541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16541"
},
{
"name": "1015620",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015620"
},
{
"name": "18758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18758"
},
{
"name": "http://evuln.com/vulns/58/description.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/58/description.html"
},
{
"name": "20060211 [eVuln] phphg Guestbook Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424740/100/0/threaded"
}
]
}
}

190
2006/0xxx/CVE-2006-0644.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060208 CPGNuke Dragonfly 9.0.6.1 remote commands execution through arbitrary local inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424439/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html"
},
{
"name" : "http://dragonflycms.org/Forums/viewtopic/p=98034.html",
"refsource" : "CONFIRM",
"url" : "http://dragonflycms.org/Forums/viewtopic/p=98034.html"
},
{
"name" : "http://dragonflycms.org/Forums/viewtopic/p=98034.html#98034",
"refsource" : "CONFIRM",
"url" : "http://dragonflycms.org/Forums/viewtopic/p=98034.html#98034"
},
{
"name" : "16546",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16546"
},
{
"name" : "23058",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23058"
},
{
"name" : "1015601",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015601"
},
{
"name" : "cpg-dragonfly-file-include(24660)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16546"
},
{
"name": "http://dragonflycms.org/Forums/viewtopic/p=98034.html",
"refsource": "CONFIRM",
"url": "http://dragonflycms.org/Forums/viewtopic/p=98034.html"
},
{
"name": "cpg-dragonfly-file-include(24660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24660"
},
{
"name": "1015601",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015601"
},
{
"name": "http://dragonflycms.org/Forums/viewtopic/p=98034.html#98034",
"refsource": "CONFIRM",
"url": "http://dragonflycms.org/Forums/viewtopic/p=98034.html#98034"
},
{
"name": "http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html"
},
{
"name": "23058",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23058"
},
{
"name": "20060208 CPGNuke Dragonfly 9.0.6.1 remote commands execution through arbitrary local inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424439/100/0/threaded"
}
]
}
}

130
2006/3xxx/CVE-2006-3140.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3140",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/openci-sql-inj.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/openci-sql-inj.html"
},
{
"name" : "openci-index-sql-injection(27147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openci-index-sql-injection(27147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27147"
},
{
"name": "http://pridels0.blogspot.com/2006/06/openci-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/openci-sql-inj.html"
}
]
}
}

160
2006/3xxx/CVE-2006-3391.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3391",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Execute function in iMBCContents ActiveX Control before 2.0.0.59 allows remote attackers to execute arbitrary files via the file URI handler."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18848",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18848"
},
{
"name" : "ADV-2006-2672",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2672"
},
{
"name" : "27049",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27049"
},
{
"name" : "20938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20938"
},
{
"name" : "imbccontents-activex-code-execution(27710)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27710"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Execute function in iMBCContents ActiveX Control before 2.0.0.59 allows remote attackers to execute arbitrary files via the file URI handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27049",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27049"
},
{
"name": "ADV-2006-2672",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2672"
},
{
"name": "18848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18848"
},
{
"name": "20938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20938"
},
{
"name": "imbccontents-activex-code-execution(27710)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27710"
}
]
}
}

220
2006/3xxx/CVE-2006-3522.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060710 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439641/100/0/threaded"
},
{
"name" : "20060711 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440140/100/0/threaded"
},
{
"name" : "20060710 MIMESweeper For Web 5.X Cross Site Scripting",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=115249298204354&w=2"
},
{
"name" : "20060710 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=115253898206225&w=2"
},
{
"name" : "20060710 Re: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=115253320721404&w=2"
},
{
"name" : "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm",
"refsource" : "CONFIRM",
"url" : "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"name" : "18916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18916"
},
{
"name" : "ADV-2006-2731",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2731"
},
{
"name" : "1016454",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016454"
},
{
"name" : "20998",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20998"
},
{
"name" : "mimesweeper-error-xss(27642)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27642"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016454",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016454"
},
{
"name": "20060710 Re: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=115253320721404&w=2"
},
{
"name": "mimesweeper-error-xss(27642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27642"
},
{
"name": "20060710 MIMESweeper For Web 5.X Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=115249298204354&w=2"
},
{
"name": "20998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20998"
},
{
"name": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm",
"refsource": "CONFIRM",
"url": "http://download.mimesweeper.com/www/TechnicalDocumentation/WebReadMeHotfix5115.htm"
},
{
"name": "20060711 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440140/100/0/threaded"
},
{
"name": "ADV-2006-2731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2731"
},
{
"name": "18916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18916"
},
{
"name": "20060710 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439641/100/0/threaded"
},
{
"name": "20060710 RE: MIMESweeper For Web 5.X Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=115253898206225&w=2"
}
]
}
}

160
2006/3xxx/CVE-2006-3998.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3998",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2099",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2099"
},
{
"name" : "http://www.wowroster.net/Forums/viewtopic/t=333.html",
"refsource" : "MISC",
"url" : "http://www.wowroster.net/Forums/viewtopic/t=333.html"
},
{
"name" : "19269",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19269"
},
{
"name" : "ADV-2006-3094",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3094"
},
{
"name" : "wowroster-conf-file-include(28101)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28101"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wowroster.net/Forums/viewtopic/t=333.html",
"refsource": "MISC",
"url": "http://www.wowroster.net/Forums/viewtopic/t=333.html"
},
{
"name": "2099",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2099"
},
{
"name": "wowroster-conf-file-include(28101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28101"
},
{
"name": "19269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19269"
},
{
"name": "ADV-2006-3094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3094"
}
]
}
}

240
2006/4xxx/CVE-2006-4052.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060807 [ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442422/100/100/threaded"
},
{
"name" : "http://advisories.echo.or.id/adv/adv44-matdhule-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv44-matdhule-2006.txt"
},
{
"name" : "2119",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2119"
},
{
"name" : "ADV-2006-3171",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3171"
},
{
"name" : "27800",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27800"
},
{
"name" : "27801",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27801"
},
{
"name" : "27802",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27802"
},
{
"name" : "27803",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27803"
},
{
"name" : "27804",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27804"
},
{
"name" : "27805",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27805"
},
{
"name" : "1016644",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016644"
},
{
"name" : "21371",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21371"
},
{
"name" : "phpsimpleshop-abspath-file-include(28247)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28247"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27800",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27800"
},
{
"name": "phpsimpleshop-abspath-file-include(28247)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28247"
},
{
"name": "20060807 [ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442422/100/100/threaded"
},
{
"name": "1016644",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016644"
},
{
"name": "21371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21371"
},
{
"name": "27802",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27802"
},
{
"name": "27801",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27801"
},
{
"name": "27803",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27803"
},
{
"name": "http://advisories.echo.or.id/adv/adv44-matdhule-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv44-matdhule-2006.txt"
},
{
"name": "ADV-2006-3171",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3171"
},
{
"name": "27804",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27804"
},
{
"name": "27805",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27805"
},
{
"name": "2119",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2119"
}
]
}
}

150
2006/4xxx/CVE-2006-4062.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2131",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2131"
},
{
"name" : "ADV-2006-3198",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3198"
},
{
"name" : "21414",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21414"
},
{
"name" : "sapidshop-gettree-file-include(28255)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28255"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3198",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3198"
},
{
"name": "sapidshop-gettree-file-include(28255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28255"
},
{
"name": "21414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21414"
},
{
"name": "2131",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2131"
}
]
}
}

170
2006/4xxx/CVE-2006-4589.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060902 Dyn CMS <= REleased (x_admindir) Remote File Inclusion Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445264/100/0/threaded"
},
{
"name" : "2290",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2290"
},
{
"name" : "19846",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19846"
},
{
"name" : "1016798",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016798"
},
{
"name" : "21729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21729"
},
{
"name" : "dyncms-index-file-include(28717)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28717"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21729"
},
{
"name": "1016798",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016798"
},
{
"name": "dyncms-index-file-include(28717)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28717"
},
{
"name": "19846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19846"
},
{
"name": "2290",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2290"
},
{
"name": "20060902 Dyn CMS <= REleased (x_admindir) Remote File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445264/100/0/threaded"
}
]
}
}

150
2006/4xxx/CVE-2006-4765.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060912 NETGEAR Rotuer DG834GT Firmware V1.01.28 (DoS)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445819/100/0/threaded"
},
{
"name" : "19973",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19973"
},
{
"name" : "1575",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1575"
},
{
"name" : "netgear-username-dos(28902)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28902"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060912 NETGEAR Rotuer DG834GT Firmware V1.01.28 (DoS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445819/100/0/threaded"
},
{
"name": "netgear-username-dos(28902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28902"
},
{
"name": "19973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19973"
},
{
"name": "1575",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1575"
}
]
}
}

150
2006/6xxx/CVE-2006-6517.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061209 KDPics Multiple Vulnerabities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453962/100/0/threaded"
},
{
"name" : "21515",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21515"
},
{
"name" : "ADV-2006-4930",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4930"
},
{
"name" : "23313",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23313"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061209 KDPics Multiple Vulnerabities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453962/100/0/threaded"
},
{
"name": "23313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23313"
},
{
"name": "21515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21515"
},
{
"name": "ADV-2006-4930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4930"
}
]
}
}

140
2006/6xxx/CVE-2006-6897.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6897",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a .. (dot dot) in an unspecified parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource" : "MISC",
"url" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name" : "37590",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37590"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a .. (dot dot) in an unspecified parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "37590",
"refsource": "OSVDB",
"url": "http://osvdb.org/37590"
}
]
}
}

140
2006/7xxx/CVE-2006-7153.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061113 New Bug MiniBB Forum <= 2 Remote File Include (index.php)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451402/100/0/threaded"
},
{
"name" : "2371",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2371"
},
{
"name" : "minibb-index-file-include(30253)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30253"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2371",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2371"
},
{
"name": "minibb-index-file-include(30253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30253"
},
{
"name": "20061113 New Bug MiniBB Forum <= 2 Remote File Include (index.php)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451402/100/0/threaded"
}
]
}
}

140
2010/2xxx/CVE-2010-2121.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2121",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100528 [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511509/100/0/threaded"
},
{
"name" : "http://websecurity.com.ua/4238/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/4238/"
},
{
"name" : "oval:org.mitre.oval:def:11622",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11622"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/4238/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/4238/"
},
{
"name": "oval:org.mitre.oval:def:11622",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11622"
},
{
"name": "20100528 [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511509/100/0/threaded"
}
]
}
}

150
2010/2xxx/CVE-2010-2192.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz",
"refsource" : "CONFIRM",
"url" : "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz"
},
{
"name" : "DSA-2063",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2063"
},
{
"name" : "40939",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40939"
},
{
"name" : "ADV-2010-1520",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1520"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz"
},
{
"name": "ADV-2010-1520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1520"
},
{
"name": "40939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40939"
},
{
"name": "DSA-2063",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2063"
}
]
}
}

140
2010/2xxx/CVE-2010-2309.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13735",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13735"
},
{
"name" : "40489",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40489"
},
{
"name" : "39988",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39988"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39988",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39988"
},
{
"name": "40489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40489"
},
{
"name": "13735",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13735"
}
]
}
}

300
2010/2xxx/CVE-2010-2641.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2641",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=666314",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=666314"
},
{
"name" : "DSA-2357",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2357"
},
{
"name" : "FEDORA-2011-0208",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
},
{
"name" : "FEDORA-2011-0224",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
},
{
"name" : "MDVSA-2011:005",
"refsource" : "MANDRIVA",
"url" : "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
},
{
"name" : "RHSA-2011:0009",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
},
{
"name" : "USN-1035-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1035-1"
},
{
"name" : "45678",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45678"
},
{
"name" : "1024937",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024937"
},
{
"name" : "42769",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42769"
},
{
"name" : "42821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42821"
},
{
"name" : "42847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42847"
},
{
"name" : "42872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42872"
},
{
"name" : "ADV-2011-0029",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0029"
},
{
"name" : "ADV-2011-0043",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0043"
},
{
"name" : "ADV-2011-0056",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0056"
},
{
"name" : "ADV-2011-0097",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0097"
},
{
"name" : "ADV-2011-0102",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0102"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:005",
"refsource": "MANDRIVA",
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
},
{
"name": "42872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42872"
},
{
"name": "ADV-2011-0043",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0043"
},
{
"name": "ADV-2011-0029",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0029"
},
{
"name": "FEDORA-2011-0224",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
},
{
"name": "42769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42769"
},
{
"name": "ADV-2011-0097",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0097"
},
{
"name": "DSA-2357",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2357"
},
{
"name": "USN-1035-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1035-1"
},
{
"name": "ADV-2011-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0102"
},
{
"name": "42821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42821"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=666314",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=666314"
},
{
"name": "ADV-2011-0056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0056"
},
{
"name": "RHSA-2011:0009",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
},
{
"name": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
},
{
"name": "1024937",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024937"
},
{
"name": "FEDORA-2011-0208",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
},
{
"name": "45678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45678"
},
{
"name": "42847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42847"
}
]
}
}

190
2010/3xxx/CVE-2010-3492.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3492",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"name" : "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"name" : "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"name" : "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name" : "http://bugs.python.org/issue6706",
"refsource" : "CONFIRM",
"url" : "http://bugs.python.org/issue6706"
},
{
"name" : "MDVSA-2010:216",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216"
},
{
"name" : "MDVSA-2010:215",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215"
},
{
"name" : "oval:org.mitre.oval:def:12111",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
},
{
"name": "http://bugs.python.org/issue6706",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue6706"
},
{
"name": "MDVSA-2010:216",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216"
},
{
"name": "oval:org.mitre.oval:def:12111",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111"
},
{
"name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
},
{
"name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
},
{
"name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
},
{
"name": "MDVSA-2010:215",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215"
}
]
}
}

240
2010/3xxx/CVE-2010-3699.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name" : "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name" : "RHSA-2011:0004",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"name" : "SUSE-SA:2011:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
},
{
"name" : "45039",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45039"
},
{
"name" : "1024786",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024786"
},
{
"name" : "42372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42372"
},
{
"name" : "42789",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42789"
},
{
"name" : "43056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43056"
},
{
"name" : "46397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46397"
},
{
"name" : "ADV-2011-0024",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0024"
},
{
"name" : "ADV-2011-0213",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42789"
},
{
"name": "43056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43056"
},
{
"name": "ADV-2011-0024",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0024"
},
{
"name": "RHSA-2011:0004",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "1024786",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024786"
},
{
"name": "SUSE-SA:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
},
{
"name": "42372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42372"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b",
"refsource": "CONFIRM",
"url": "http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b"
},
{
"name": "45039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45039"
},
{
"name": "ADV-2011-0213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0213"
}
]
}
}

34
2010/3xxx/CVE-2010-3722.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3722",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3722",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

140
2011/0xxx/CVE-2011-0211.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0211",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4723",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4723"
},
{
"name" : "APPLE-SA-2011-06-23-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name" : "APPLE-SA-2011-08-03-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4723",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4723"
},
{
"name": "APPLE-SA-2011-06-23-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "APPLE-SA-2011-08-03-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
}
]
}
}

210
2011/0xxx/CVE-2011-0228.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0228",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110725 TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/518982/100/0/threaded"
},
{
"name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt"
},
{
"name" : "http://support.apple.com/kb/HT4824",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4824"
},
{
"name" : "http://support.apple.com/kb/HT4825",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4825"
},
{
"name" : "APPLE-SA-2011-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00005.html"
},
{
"name" : "APPLE-SA-2011-07-25-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00004.html"
},
{
"name" : "48877",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48877"
},
{
"name" : "1025837",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025837"
},
{
"name" : "45369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45369"
},
{
"name" : "8361",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8361"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00005.html"
},
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt"
},
{
"name": "48877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48877"
},
{
"name": "http://support.apple.com/kb/HT4824",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4824"
},
{
"name": "45369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45369"
},
{
"name": "20110725 TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518982/100/0/threaded"
},
{
"name": "APPLE-SA-2011-07-25-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT4825",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4825"
},
{
"name": "8361",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8361"
},
{
"name": "1025837",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025837"
}
]
}
}

150
2011/0xxx/CVE-2011-0754.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.php.net/51763",
"refsource" : "CONFIRM",
"url" : "http://bugs.php.net/51763"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "oval:org.mitre.oval:def:12334",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12334"
},
{
"name" : "php-splfileinfogettype-symlink(65429)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65429"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.php.net/51763",
"refsource": "CONFIRM",
"url": "http://bugs.php.net/51763"
},
{
"name": "php-splfileinfogettype-symlink(65429)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65429"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "oval:org.mitre.oval:def:12334",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12334"
}
]
}
}

260
2011/0xxx/CVE-2011-0983.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=69556",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=69556"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html"
},
{
"name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2190",
"refsource" : "CONFIRM",
"url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2190"
},
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
},
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name" : "DSA-2166",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2166"
},
{
"name" : "46262",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46262"
},
{
"name" : "oval:org.mitre.oval:def:14543",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14543"
},
{
"name" : "43342",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43342"
},
{
"name" : "43368",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43368"
},
{
"name" : "ADV-2011-0408",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0408"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43368"
},
{
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html"
},
{
"name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2190",
"refsource": "CONFIRM",
"url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2190"
},
{
"name": "43342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43342"
},
{
"name": "oval:org.mitre.oval:def:14543",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14543"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "DSA-2166",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2166"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "ADV-2011-0408",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0408"
},
{
"name": "46262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46262"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=69556",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=69556"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}

180
2011/1xxx/CVE-2011-1335.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"address book and user list functions.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cs.cybozu.co.jp/information/20100816notice05.php",
"refsource" : "CONFIRM",
"url" : "http://cs.cybozu.co.jp/information/20100816notice05.php"
},
{
"name" : "JVN#55508059",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN55508059/index.html"
},
{
"name" : "JVNDB-2011-000047",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000047"
},
{
"name" : "48446",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48446"
},
{
"name" : "73320",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/73320"
},
{
"name" : "44992",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44992"
},
{
"name" : "45050",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"address book and user list functions.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20100816notice05.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20100816notice05.php"
},
{
"name": "44992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44992"
},
{
"name": "45050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45050"
},
{
"name": "73320",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73320"
},
{
"name": "48446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVNDB-2011-000047",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000047"
},
{
"name": "JVN#55508059",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN55508059/index.html"
}
]
}
}

34
2011/1xxx/CVE-2011-1501.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1501",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1571. Reason: This candidate is a duplicate of CVE-2011-1571. Notes: All CVE users should reference CVE-2011-1571 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-1501",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1571. Reason: This candidate is a duplicate of CVE-2011-1571. Notes: All CVE users should reference CVE-2011-1571 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

310
2011/1xxx/CVE-2011-1589.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/17/1"
},
{
"name" : "[oss-security] 20110418 CVE request: Mojolicious",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/18/3"
},
{
"name" : "[oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/18/7"
},
{
"name" : "http://perlninja.posterous.com/sharks-in-the-water",
"refsource" : "MISC",
"url" : "http://perlninja.posterous.com/sharks-in-the-water"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes",
"refsource" : "CONFIRM",
"url" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes"
},
{
"name" : "http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz",
"refsource" : "CONFIRM",
"url" : "http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=697229",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=697229"
},
{
"name" : "https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818",
"refsource" : "CONFIRM",
"url" : "https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818"
},
{
"name" : "https://github.com/kraih/mojo/issues/114",
"refsource" : "CONFIRM",
"url" : "https://github.com/kraih/mojo/issues/114"
},
{
"name" : "DSA-2221",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2221"
},
{
"name" : "FEDORA-2011-5504",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html"
},
{
"name" : "FEDORA-2011-5505",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html"
},
{
"name" : "47402",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47402"
},
{
"name" : "71850",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/71850"
},
{
"name" : "44051",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44051"
},
{
"name" : "44359",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44359"
},
{
"name" : "ADV-2011-1072",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1072"
},
{
"name" : "ADV-2011-1093",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1093"
},
{
"name" : "mojolicious-url-directory-traversal(66830)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66830"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://perlninja.posterous.com/sharks-in-the-water",
"refsource": "MISC",
"url": "http://perlninja.posterous.com/sharks-in-the-water"
},
{
"name": "DSA-2221",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2221"
},
{
"name": "http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz",
"refsource": "CONFIRM",
"url": "http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz"
},
{
"name": "ADV-2011-1072",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1072"
},
{
"name": "https://github.com/kraih/mojo/issues/114",
"refsource": "CONFIRM",
"url": "https://github.com/kraih/mojo/issues/114"
},
{
"name": "[oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/18/7"
},
{
"name": "FEDORA-2011-5505",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html"
},
{
"name": "44359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44359"
},
{
"name": "https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818",
"refsource": "CONFIRM",
"url": "https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818"
},
{
"name": "44051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44051"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name": "ADV-2011-1093",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1093"
},
{
"name": "71850",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71850"
},
{
"name": "[oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/17/1"
},
{
"name": "47402",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47402"
},
{
"name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes"
},
{
"name": "mojolicious-url-directory-traversal(66830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66830"
},
{
"name": "[oss-security] 20110418 CVE request: Mojolicious",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/18/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=697229",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=697229"
},
{
"name": "FEDORA-2011-5504",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html"
}
]
}
}

200
2011/1xxx/CVE-2011-1847.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1847",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71413",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71413"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC72119",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC72119"
},
{
"name" : "IC71413",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413"
},
{
"name" : "IC72119",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119"
},
{
"name" : "47525",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47525"
},
{
"name" : "oval:org.mitre.oval:def:14122",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122"
},
{
"name" : "44229",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44229"
},
{
"name" : "ADV-2011-1083",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1083"
},
{
"name" : "ibm-db2-rds-sec-bypass(66979)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-1083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1083"
},
{
"name": "IC72119",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119"
},
{
"name": "ibm-db2-rds-sec-bypass(66979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66979"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC72119",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC72119"
},
{
"name": "47525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47525"
},
{
"name": "oval:org.mitre.oval:def:14122",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71413",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC71413"
},
{
"name": "IC71413",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413"
},
{
"name": "44229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44229"
}
]
}
}

34
2011/4xxx/CVE-2011-4076.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4076",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4076",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2011/5xxx/CVE-2011-5116.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18065",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18065"
},
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5053.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5053.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18065",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18065"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5053.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5053.php"
}
]
}
}

120
2011/5xxx/CVE-2011-5312.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx, (2) publication/info.aspx, or (3) user/add.aspx, or (4) the q parameter to product/list.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB22830",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB22830"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx, (2) publication/info.aspx, or (3) user/add.aspx, or (4) the q parameter to product/list.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB22830",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB22830"
}
]
}
}

140
2014/2xxx/CVE-2014-2318.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2318",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/125507",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/125507"
},
{
"name" : "65942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65942"
},
{
"name" : "netvolution-m-sql-injection(91543)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91543"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netvolution-m-sql-injection(91543)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91543"
},
{
"name": "65942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65942"
},
{
"name": "http://packetstormsecurity.com/files/125507",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125507"
}
]
}
}

120
2014/3xxx/CVE-2014-3518.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3518",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2014:0887",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0887.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0887",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0887.html"
}
]
}
}

140
2014/3xxx/CVE-2014-3877.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"name" : "https://www.lsexperts.de/advisories/lse-2014-05-22.txt",
"refsource" : "MISC",
"url" : "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
},
{
"name" : "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource" : "CONFIRM",
"url" : "http://fex.rus.uni-stuttgart.de/fex.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"name": "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource": "CONFIRM",
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt",
"refsource": "MISC",
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
]
}
}

130
2014/3xxx/CVE-2014-3930.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3930",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.s3.eurecom.fr/cve/CVE-2014-3930.txt",
"refsource" : "MISC",
"url" : "http://www.s3.eurecom.fr/cve/CVE-2014-3930.txt"
},
{
"name" : "https://hackerone.com/reports/16330",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/16330"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.s3.eurecom.fr/cve/CVE-2014-3930.txt",
"refsource": "MISC",
"url": "http://www.s3.eurecom.fr/cve/CVE-2014-3930.txt"
},
{
"name": "https://hackerone.com/reports/16330",
"refsource": "MISC",
"url": "https://hackerone.com/reports/16330"
}
]
}
}

230
2014/6xxx/CVE-2014-6032.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141030 CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Oct/128"
},
{
"name" : "20141030 CVE-2014-6033 - XML External Entity Injection in F5 Networks Big-IP",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Oct/129"
},
{
"name" : "20141030 Re: CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Oct/130"
},
{
"name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/",
"refsource" : "MISC",
"url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/"
},
{
"name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/",
"refsource" : "MISC",
"url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/"
},
{
"name" : "http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html"
},
{
"name" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html"
},
{
"name" : "70834",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70834"
},
{
"name" : "1031144",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031144"
},
{
"name" : "1031145",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031145"
},
{
"name" : "bigip-cve20146032-info-disc(98402)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98402"
},
{
"name" : "bigip-cve20146033-info-disc(98403)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98403"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031145",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031145"
},
{
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/"
},
{
"name": "1031144",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031144"
},
{
"name": "20141030 CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/128"
},
{
"name": "bigip-cve20146033-info-disc(98403)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98403"
},
{
"name": "bigip-cve20146032-info-disc(98402)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98402"
},
{
"name": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html",
"refsource": "CONFIRM",
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html"
},
{
"name": "20141030 CVE-2014-6033 - XML External Entity Injection in F5 Networks Big-IP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/129"
},
{
"name": "20141030 Re: CVE-2014-6032 - XML External Entity Injection in F5 Networks Big-IP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/130"
},
{
"name": "70834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70834"
},
{
"name": "http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html"
},
{
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/"
}
]
}
}

120
2014/6xxx/CVE-2014-6325.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6325",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"OWA XSS Vulnerability,\" a different vulnerability than CVE-2014-6326."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-075",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"OWA XSS Vulnerability,\" a different vulnerability than CVE-2014-6326."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-075",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075"
}
]
}
}

220
2014/6xxx/CVE-2014-6424.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2014-14.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2014-14.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10370",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10370"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=44698259b1f5865c60323acaf2a633654a2abe81",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=44698259b1f5865c60323acaf2a633654a2abe81"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1676",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1676"
},
{
"name" : "DSA-3049",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3049"
},
{
"name" : "RHSA-2014:1676",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1676.html"
},
{
"name" : "SUSE-SU-2014:1221",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html"
},
{
"name" : "openSUSE-SU-2014:1249",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html"
},
{
"name" : "60578",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60578"
},
{
"name" : "60280",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60280"
},
{
"name" : "61929",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1676",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1676"
},
{
"name": "openSUSE-SU-2014:1249",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html"
},
{
"name": "RHSA-2014:1676",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1676.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=44698259b1f5865c60323acaf2a633654a2abe81",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=44698259b1f5865c60323acaf2a633654a2abe81"
},
{
"name": "DSA-3049",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3049"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10370",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10370"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2014-14.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2014-14.html"
},
{
"name": "SUSE-SU-2014:1221",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html"
},
{
"name": "60280",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60280"
},
{
"name": "60578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60578"
},
{
"name": "61929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61929"
}
]
}
}

140
2014/6xxx/CVE-2014-6748.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#518609",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/518609"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#518609",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/518609"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6801.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The frank matano (aka com.frank.matano) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#106329",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/106329"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The frank matano (aka com.frank.matano) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#106329",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/106329"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6947.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6947",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Archie Comics (aka com.iversecomics.archie.android) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#133961",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/133961"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Archie Comics (aka com.iversecomics.archie.android) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#133961",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/133961"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7071.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Autocar India (aka com.magzter.autocarindia) application 3.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#736321",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/736321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Autocar India (aka com.magzter.autocarindia) application 3.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#736321",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/736321"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7709.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7709",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7709",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/7xxx/CVE-2014-7762.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#262177",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/262177"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#262177",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/262177"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2014/8xxx/CVE-2014-8003.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36562",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36562"
},
{
"name" : "20141201 Cisco Integrated Management Controller Privilege Escalation Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8003"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141201 Cisco Integrated Management Controller Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8003"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36562",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36562"
}
]
}
}

34
2014/8xxx/CVE-2014-8842.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8842",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8842",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/2xxx/CVE-2016-2083.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2083",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2083",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2455.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2455",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2455",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

370
2016/2xxx/CVE-2016-2796.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2796",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243816",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243816"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "DSA-3510",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3510"
},
{
"name" : "DSA-3515",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3515"
},
{
"name" : "DSA-3520",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3520"
},
{
"name" : "GLSA-201605-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201605-06"
},
{
"name" : "GLSA-201701-63",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-63"
},
{
"name" : "openSUSE-SU-2016:0894",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name" : "openSUSE-SU-2016:1767",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name" : "openSUSE-SU-2016:1769",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name" : "openSUSE-SU-2016:1778",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name" : "SUSE-SU-2016:0909",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name" : "SUSE-SU-2016:0727",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name" : "SUSE-SU-2016:0777",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name" : "openSUSE-SU-2016:0731",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name" : "openSUSE-SU-2016:0733",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name" : "SUSE-SU-2016:0820",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name" : "openSUSE-SU-2016:0876",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name" : "USN-2917-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name" : "USN-2917-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2917-3"
},
{
"name" : "USN-2934-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name" : "USN-2917-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name" : "USN-2927-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name" : "84222",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84222"
},
{
"name" : "1035215",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035215"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "USN-2927-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243816",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243816"
},
{
"name": "DSA-3510",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}
}

34
2016/2xxx/CVE-2016-2900.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2900",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2900",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2017/18xxx/CVE-2017-18051.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00",
"ID" : "CVE-2017-18051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-03-05T00:00:00",
"ID": "CVE-2017-18051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=38fba6a9f6ca3c7bf0c4c1bd84fa2b89fbcaeb93",
"refsource" : "MISC",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=38fba6a9f6ca3c7bf0c4c1bd84fa2b89fbcaeb93"
},
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-03-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=38fba6a9f6ca3c7bf0c4c1bd84fa2b89fbcaeb93",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=38fba6a9f6ca3c7bf0c4c1bd84fa2b89fbcaeb93"
}
]
}
}

130
2017/18xxx/CVE-2017-18056.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-18056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which is received from firmware leads to potential out of bounds memory read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-18056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-03-01"
},
{
"name" : "103254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which is received from firmware leads to potential out of bounds memory read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-03-01"
},
{
"name": "103254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103254"
}
]
}
}

156
2017/1xxx/CVE-2017-1270.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-12-18T00:00:00",
"ID" : "CVE-2017-1270",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
"version_value" : "10.0"
},
{
"version_value" : "10.0.1"
},
{
"version_value" : "10.1"
},
{
"version_value" : "10.1.2"
},
{
"version_value" : "10.1.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-18T00:00:00",
"ID": "CVE-2017-1270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Guardium",
"version": {
"version_data": [
{
"version_value": "10.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.1"
},
{
"version_value": "10.1.2"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124745",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124745"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22010439",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22010439"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010439",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010439"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124745",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124745"
}
]
}
}

142
2017/1xxx/CVE-2017-1550.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-11-29T00:00:00",
"ID" : "CVE-2017-1550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling File Gateway",
"version" : {
"version_data" : [
{
"version_value" : "2.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-29T00:00:00",
"ID": "CVE-2017-1550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling File Gateway",
"version": {
"version_data": [
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131290",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131290"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22010758",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22010758"
},
{
"name" : "102184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131290",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131290"
},
{
"name": "102184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102184"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010758",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010758"
}
]
}
}

198
2017/1xxx/CVE-2017-1711.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-02-08T00:00:00",
"ID" : "CVE-2017-1711",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Client Application Access",
"version" : {
"version_data" : [
{
"version_value" : "1.0.0.1"
},
{
"version_value" : "1.0.1.1"
},
{
"version_value" : "1.0.1.2"
}
]
}
},
{
"product_name" : "Notes",
"version" : {
"version_data" : [
{
"version_value" : "8.5.3.6"
},
{
"version_value" : "8.5.1.5"
},
{
"version_value" : "8.5.2.4"
},
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.1.9"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-08T00:00:00",
"ID": "CVE-2017-1711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Client Application Access",
"version": {
"version_data": [
{
"version_value": "1.0.0.1"
},
{
"version_value": "1.0.1.1"
},
{
"version_value": "1.0.1.2"
}
]
}
},
{
"product_name": "Notes",
"version": {
"version_data": [
{
"version_value": "8.5.3.6"
},
{
"version_value": "8.5.1.5"
},
{
"version_value": "8.5.2.4"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22010774",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22010775",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22010775"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010774",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010774"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010775",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010775"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134532"
}
]
}
}

34
2017/1xxx/CVE-2017-1887.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1887",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1887",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/5xxx/CVE-2017-5267.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5267",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5267",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

224
2017/5xxx/CVE-2017-5536.json
View File

@ -1,114 +1,114 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2018-05-01T16:00:00.000Z",
"ID" : "CVE-2017-5536",
"STATE" : "PUBLIC",
"TITLE" : "TIBCO DataSynapse GridServer manager component vulnerable to cross-site scripting attacks"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO DataSynapse GridServer Manager",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "5.1.3"
},
{
"affected" : "=",
"version_value" : "6.0.0"
},
{
"affected" : "=",
"version_value" : "6.0.1"
},
{
"affected" : "=",
"version_value" : "6.0.2"
},
{
"affected" : "=",
"version_value" : "6.1.0"
},
{
"affected" : "=",
"version_value" : "6.1.1"
},
{
"affected" : "=",
"version_value" : "6.2.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact of this vulnerability includes the possibility that a malicious actor could gain access to a more privileged account on the affected components or the information managed by those components."
}
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-05-01T16:00:00.000Z",
"ID": "CVE-2017-5536",
"STATE": "PUBLIC",
"TITLE": "TIBCO DataSynapse GridServer manager component vulnerable to cross-site scripting attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO DataSynapse GridServer Manager",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "5.1.3"
},
{
"affected": "=",
"version_value": "6.0.0"
},
{
"affected": "=",
"version_value": "6.0.1"
},
{
"affected": "=",
"version_value": "6.0.2"
},
{
"affected": "=",
"version_value": "6.1.0"
},
{
"affected": "=",
"version_value": "6.1.1"
},
{
"affected": "=",
"version_value": "6.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536",
"refsource" : "CONFIRM",
"url" : "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO DataSynapse GridServer Manager versions 5.1.3 and below update to version 5.2.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.0.0, 6.0.1, and 6.0.2 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.1.0, and 6.1.1 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager version 6.2.0 update to version 6.3.0 or higher"
}
],
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility that a malicious actor could gain access to a more privileged account on the affected components or the information managed by those components."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO DataSynapse GridServer Manager versions 5.1.3 and below update to version 5.2.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.0.0, 6.0.1, and 6.0.2 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.1.0, and 6.1.1 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager version 6.2.0 update to version 6.3.0 or higher"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

130
2017/5xxx/CVE-2017-5622.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://alephsecurity.com/vulns/aleph-2017004",
"refsource" : "MISC",
"url" : "https://alephsecurity.com/vulns/aleph-2017004"
},
{
"name" : "97092",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97092"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017004",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017004"
},
{
"name": "97092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97092"
}
]
}
}

142
2017/5xxx/CVE-2017-5826.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-05-25T00:00:00",
"ID" : "CVE-2017-5826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Aruba ClearPass Policy Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.6.x"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authenticated remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-05-25T00:00:00",
"ID": "CVE-2017-5826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "6.6.x"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
},
{
"name" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
"refsource" : "CONFIRM",
"url" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
},
{
"name" : "98722",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98722"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authenticated remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
},
{
"name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
},
{
"name": "98722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98722"
}
]
}
}