admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:25:17 +00:00
parent e4b6bd17a6
commit 6646e2a3a9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3368 additions and 3368 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/2xxx/CVE-2006-2102.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060428 WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432359/100/0/threaded"
},
{
"name" : "http://secway.org/advisory/AD20060428.txt",
"refsource" : "MISC",
"url" : "http://secway.org/advisory/AD20060428.txt"
},
{
"name" : "17726",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17726"
},
{
"name" : "ADV-2006-1570",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1570"
},
{
"name" : "1016008",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016008"
},
{
"name" : "19858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19858"
},
{
"name" : "815",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/815"
},
{
"name" : "iso-dotdot-directory-traversal(26140)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26140"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016008",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016008"
},
{
"name": "19858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19858"
},
{
"name": "iso-dotdot-directory-traversal(26140)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26140"
},
{
"name": "17726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17726"
},
{
"name": "815",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/815"
},
{
"name": "http://secway.org/advisory/AD20060428.txt",
"refsource": "MISC",
"url": "http://secway.org/advisory/AD20060428.txt"
},
{
"name": "20060428 WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432359/100/0/threaded"
},
{
"name": "ADV-2006-1570",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1570"
}
]
}
}

190
2006/2xxx/CVE-2006-2404.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in popup.php in RadScripts RadLance Gold 7.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060514 RadLance Local Inclusion Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434327/100/0/threaded"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/RadLance-0515-lfi.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/RadLance-0515-lfi.pl"
},
{
"name" : "http://www.securiteam.com/exploits/5VP0C1FIKY.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/exploits/5VP0C1FIKY.html"
},
{
"name" : "17975",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17975"
},
{
"name" : "ADV-2006-1816",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1816"
},
{
"name" : "25522",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25522"
},
{
"name" : "20133",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20133"
},
{
"name" : "radlancegold-popup-file-include(26492)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26492"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in popup.php in RadScripts RadLance Gold 7.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/exploits/5VP0C1FIKY.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5VP0C1FIKY.html"
},
{
"name": "20060514 RadLance Local Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434327/100/0/threaded"
},
{
"name": "20133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20133"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/RadLance-0515-lfi.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/RadLance-0515-lfi.pl"
},
{
"name": "25522",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25522"
},
{
"name": "17975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17975"
},
{
"name": "ADV-2006-1816",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1816"
},
{
"name": "radlancegold-popup-file-include(26492)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26492"
}
]
}
}

140
2006/2xxx/CVE-2006-2646.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '\"' (double quote)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060528 *zeroday warez* MDAEMON LATEST VERSION PREAUTH",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=114882270912151&w=2"
},
{
"name" : "18129",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18129"
},
{
"name" : "1016167",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016167"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '\"' (double quote)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18129"
},
{
"name": "1016167",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016167"
},
{
"name": "20060528 *zeroday warez* MDAEMON LATEST VERSION PREAUTH",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=114882270912151&w=2"
}
]
}
}

130
2006/3xxx/CVE-2006-3224.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060519 Apple Safari 2.0.3 (417.9.3) JavaScript - Denial of Service",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046150.html"
},
{
"name" : "safari-javascript-dos(26558)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26558"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060519 Apple Safari 2.0.3 (417.9.3) JavaScript - Denial of Service",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046150.html"
},
{
"name": "safari-javascript-dos(26558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26558"
}
]
}
}

170
2006/3xxx/CVE-2006-3579.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3579",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-73368472-76686161.html",
"refsource" : "CONFIRM",
"url" : "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-73368472-76686161.html"
},
{
"name" : "JVN#73368472",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2373368472/index.html"
},
{
"name" : "JVN#76686161",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2376686161/index.html"
},
{
"name" : "18950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18950"
},
{
"name" : "27105",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27105"
},
{
"name" : "21011",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18950"
},
{
"name": "21011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21011"
},
{
"name": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-73368472-76686161.html",
"refsource": "CONFIRM",
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-73368472-76686161.html"
},
{
"name": "JVN#73368472",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2373368472/index.html"
},
{
"name": "27105",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27105"
},
{
"name": "JVN#76686161",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2376686161/index.html"
}
]
}
}

130
2006/3xxx/CVE-2006-3599.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060630 Module's Name \"Classifieds\" SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438817/100/100/threaded"
},
{
"name" : "phpnuke-module-sqlinjection(27501)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060630 Module's Name \"Classifieds\" SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438817/100/100/threaded"
},
{
"name": "phpnuke-module-sqlinjection(27501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501"
}
]
}
}

200
2006/3xxx/CVE-2006-3683.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060614 Flipper Poll (root_path) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=115031160401269&w=2"
},
{
"name" : "20060713 Flipper Poll <= 1.1.0 Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439971/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.org/0606-exploits/flipper.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0606-exploits/flipper.txt"
},
{
"name" : "18461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18461"
},
{
"name" : "ADV-2006-2353",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2353"
},
{
"name" : "26503",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26503"
},
{
"name" : "1016489",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016489"
},
{
"name" : "20632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20632"
},
{
"name" : "flipperpoll-poll-file-include(27203)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27203"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26503",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26503"
},
{
"name": "http://packetstormsecurity.org/0606-exploits/flipper.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0606-exploits/flipper.txt"
},
{
"name": "20060614 Flipper Poll (root_path) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=115031160401269&w=2"
},
{
"name": "20060713 Flipper Poll <= 1.1.0 Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439971/100/0/threaded"
},
{
"name": "1016489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016489"
},
{
"name": "flipperpoll-poll-file-include(27203)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27203"
},
{
"name": "ADV-2006-2353",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2353"
},
{
"name": "18461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18461"
},
{
"name": "20632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20632"
}
]
}
}

170
2006/4xxx/CVE-2006-4276.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2220",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2220"
},
{
"name" : "19612",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19612"
},
{
"name" : "ADV-2006-3335",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3335"
},
{
"name" : "28028",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28028"
},
{
"name" : "21572",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21572"
},
{
"name" : "tuttinova-tnlib-file-include(28471)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28471"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tuttinova-tnlib-file-include(28471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28471"
},
{
"name": "28028",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28028"
},
{
"name": "2220",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2220"
},
{
"name": "21572",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21572"
},
{
"name": "19612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19612"
},
{
"name": "ADV-2006-3335",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3335"
}
]
}
}

290
2006/6xxx/CVE-2006-6120.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061205 [KOffice security advisory] KOffice OLEfilter integer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453550/100/0/threaded"
},
{
"name" : "http://websvn.kde.org/branches/koffice/1.6/koffice/filters/olefilters/lib/klaola.cc?rev=607037&r1=566347&r2=607037",
"refsource" : "MISC",
"url" : "http://websvn.kde.org/branches/koffice/1.6/koffice/filters/olefilters/lib/klaola.cc?rev=607037&r1=566347&r2=607037"
},
{
"name" : "http://www.kde.org/info/security/advisory-20061204-1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kde.org/info/security/advisory-20061204-1.txt"
},
{
"name" : "http://www.koffice.org/announcements/changelog-1.6.1.php",
"refsource" : "CONFIRM",
"url" : "http://www.koffice.org/announcements/changelog-1.6.1.php"
},
{
"name" : "GLSA-200612-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200612-05.xml"
},
{
"name" : "MDKSA-2006:222",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:222"
},
{
"name" : "RHSA-2007:0010",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0010.html"
},
{
"name" : "SUSE-SR:2006:029",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"name" : "USN-388-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-388-1"
},
{
"name" : "21354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21354"
},
{
"name" : "ADV-2006-4771",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4771"
},
{
"name" : "1017318",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017318"
},
{
"name" : "23143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23143"
},
{
"name" : "23162",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23162"
},
{
"name" : "23220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23220"
},
{
"name" : "23409",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23409"
},
{
"name" : "24218",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24218"
},
{
"name" : "koffice-readbigblockdepot-overflow(30624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4771",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4771"
},
{
"name": "23220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23220"
},
{
"name": "23143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23143"
},
{
"name": "21354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21354"
},
{
"name": "http://websvn.kde.org/branches/koffice/1.6/koffice/filters/olefilters/lib/klaola.cc?rev=607037&r1=566347&r2=607037",
"refsource": "MISC",
"url": "http://websvn.kde.org/branches/koffice/1.6/koffice/filters/olefilters/lib/klaola.cc?rev=607037&r1=566347&r2=607037"
},
{
"name": "1017318",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017318"
},
{
"name": "23409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23409"
},
{
"name": "24218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24218"
},
{
"name": "USN-388-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-388-1"
},
{
"name": "MDKSA-2006:222",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:222"
},
{
"name": "GLSA-200612-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200612-05.xml"
},
{
"name": "RHSA-2007:0010",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0010.html"
},
{
"name": "20061205 [KOffice security advisory] KOffice OLEfilter integer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453550/100/0/threaded"
},
{
"name": "http://www.koffice.org/announcements/changelog-1.6.1.php",
"refsource": "CONFIRM",
"url": "http://www.koffice.org/announcements/changelog-1.6.1.php"
},
{
"name": "SUSE-SR:2006:029",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
},
{
"name": "koffice-readbigblockdepot-overflow(30624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30624"
},
{
"name": "23162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23162"
},
{
"name": "http://www.kde.org/info/security/advisory-20061204-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20061204-1.txt"
}
]
}
}

220
2006/6xxx/CVE-2006-6222.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061213 ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454313/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-049.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-049.html"
},
{
"name" : "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html"
},
{
"name" : "VU#607312",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/607312"
},
{
"name" : "21565",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21565"
},
{
"name" : "ADV-2006-4999",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4999"
},
{
"name" : "1017379",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017379"
},
{
"name" : "23368",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23368"
},
{
"name" : "2033",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2033"
},
{
"name" : "netbackup-long-request-bo(30882)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30882"
},
{
"name" : "netbackup-connect-options-bo(30883)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30883"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-049.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-049.html"
},
{
"name": "VU#607312",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/607312"
},
{
"name": "23368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23368"
},
{
"name": "netbackup-long-request-bo(30882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30882"
},
{
"name": "netbackup-connect-options-bo(30883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30883"
},
{
"name": "1017379",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017379"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html"
},
{
"name": "20061213 ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454313/100/0/threaded"
},
{
"name": "21565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21565"
},
{
"name": "ADV-2006-4999",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4999"
},
{
"name": "2033",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2033"
}
]
}
}

150
2006/6xxx/CVE-2006-6975.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6975",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061028 CentiPaid <= 1.4.2 [$class_pwd] Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-10/0472.html"
},
{
"name" : "20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-10/0499.html"
},
{
"name" : "20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-10/0494.html"
},
{
"name" : "31638",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/31638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0494.html"
},
{
"name": "20061028 CentiPaid <= 1.4.2 [$class_pwd] Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0472.html"
},
{
"name": "20061030 Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0499.html"
},
{
"name": "31638",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31638"
}
]
}
}

180
2006/7xxx/CVE-2006-7066.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090725 DoS vulnerabilities in Internet Explorer",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html"
},
{
"name" : "http://blogs.securiteam.com/index.php/archives/554",
"refsource" : "MISC",
"url" : "http://blogs.securiteam.com/index.php/archives/554"
},
{
"name" : "http://browserfun.blogspot.com/2006/07/mobb-30-orphan-object-properties.html",
"refsource" : "MISC",
"url" : "http://browserfun.blogspot.com/2006/07/mobb-30-orphan-object-properties.html"
},
{
"name" : "http://websecurity.com.ua/3130/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/3130/"
},
{
"name" : "19228",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19228"
},
{
"name" : "27533",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27533"
},
{
"name" : "ie-deleted-frame-dos(28068)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28068"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090725 DoS vulnerabilities in Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html"
},
{
"name": "http://websecurity.com.ua/3130/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3130/"
},
{
"name": "19228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19228"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-30-orphan-object-properties.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-30-orphan-object-properties.html"
},
{
"name": "ie-deleted-frame-dos(28068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28068"
},
{
"name": "27533",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27533"
},
{
"name": "http://blogs.securiteam.com/index.php/archives/554",
"refsource": "MISC",
"url": "http://blogs.securiteam.com/index.php/archives/554"
}
]
}
}

170
2011/0xxx/CVE-2011-0255.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
},
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}

34
2011/0xxx/CVE-2011-0933.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0933",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0933",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2011/1xxx/CVE-2011-1276.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka \"Excel Buffer Overrun Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-045",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
},
{
"name" : "72924",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72924"
},
{
"name" : "oval:org.mitre.oval:def:12451",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451"
},
{
"name" : "8330",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8330"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka \"Excel Buffer Overrun Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72924",
"refsource": "OSVDB",
"url": "http://osvdb.org/72924"
},
{
"name": "8330",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8330"
},
{
"name": "oval:org.mitre.oval:def:12451",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12451"
},
{
"name": "MS11-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045"
}
]
}
}

190
2011/1xxx/CVE-2011-1401.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the \"meta stylesheet\" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ikiwiki.info/security/#index39h2",
"refsource" : "CONFIRM",
"url" : "http://ikiwiki.info/security/#index39h2"
},
{
"name" : "DSA-2214",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2214"
},
{
"name" : "FEDORA-2011-5249",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058403.html"
},
{
"name" : "47285",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47285"
},
{
"name" : "44079",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44079"
},
{
"name" : "44137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44137"
},
{
"name" : "ADV-2011-0907",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0907"
},
{
"name" : "ADV-2011-1005",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1005"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the \"meta stylesheet\" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2214",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2214"
},
{
"name": "ADV-2011-1005",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1005"
},
{
"name": "ADV-2011-0907",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0907"
},
{
"name": "44137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44137"
},
{
"name": "http://ikiwiki.info/security/#index39h2",
"refsource": "CONFIRM",
"url": "http://ikiwiki.info/security/#index39h2"
},
{
"name": "44079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44079"
},
{
"name": "47285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47285"
},
{
"name": "FEDORA-2011-5249",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058403.html"
}
]
}
}

330
2011/1xxx/CVE-2011-1526.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1526",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110705 MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/518733/100/0/threaded"
},
{
"name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=711419",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=711419"
},
{
"name" : "DSA-2283",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2283"
},
{
"name" : "FEDORA-2011-9080",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html"
},
{
"name" : "FEDORA-2011-9109",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html"
},
{
"name" : "MDVSA-2011:117",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:117"
},
{
"name" : "RHSA-2011:0920",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0920.html"
},
{
"name" : "openSUSE-SU-2011:1169",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html"
},
{
"name" : "SUSE-SU-2012:0010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name" : "SUSE-SU-2012:0018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
},
{
"name" : "SUSE-SU-2012:0042",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name" : "SUSE-SU-2012:0050",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
},
{
"name" : "openSUSE-SU-2012:0019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
},
{
"name" : "openSUSE-SU-2012:0051",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
},
{
"name" : "48571",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48571"
},
{
"name" : "73617",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/73617"
},
{
"name" : "45145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45145"
},
{
"name" : "45157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45157"
},
{
"name" : "48101",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48101"
},
{
"name" : "8301",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8301"
},
{
"name" : "kerberos-krb5appl-priv-esc(68398)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68398"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:0042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name": "SUSE-SU-2012:0018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
},
{
"name": "RHSA-2011:0920",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0920.html"
},
{
"name": "48101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48101"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt"
},
{
"name": "openSUSE-SU-2011:1169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html"
},
{
"name": "openSUSE-SU-2012:0019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
},
{
"name": "kerberos-krb5appl-priv-esc(68398)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68398"
},
{
"name": "SUSE-SU-2012:0050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
},
{
"name": "45145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45145"
},
{
"name": "openSUSE-SU-2012:0051",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=711419",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=711419"
},
{
"name": "SUSE-SU-2012:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name": "45157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45157"
},
{
"name": "8301",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8301"
},
{
"name": "MDVSA-2011:117",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:117"
},
{
"name": "FEDORA-2011-9109",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html"
},
{
"name": "48571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48571"
},
{
"name": "73617",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73617"
},
{
"name": "DSA-2283",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2283"
},
{
"name": "20110705 MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518733/100/0/threaded"
},
{
"name": "FEDORA-2011-9080",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html"
}
]
}
}

140
2011/3xxx/CVE-2011-3701.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3701",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/AlegroCart_1.2.3",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/AlegroCart_1.2.3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AlegroCart 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by common.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/AlegroCart_1.2.3",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/AlegroCart_1.2.3"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

140
2011/3xxx/CVE-2011-3798.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by classes/pear.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/rapidleech-2.3-v42-svn322",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/rapidleech-2.3-v42-svn322"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by classes/pear.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/rapidleech-2.3-v42-svn322",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/rapidleech-2.3-v42-svn322"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

160
2011/4xxx/CVE-2011-4089.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18147",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18147"
},
{
"name" : "20111025 Re: Symlink vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2011/Oct/804"
},
{
"name" : "[oss-security] 20111028 Re: Request for CVE Identifier: bzexe insecure\ttemporary file",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/10/28/16"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862"
},
{
"name" : "USN-1308-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1308-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20111025 Re: Symlink vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Oct/804"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862"
},
{
"name": "USN-1308-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1308-1"
},
{
"name": "18147",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18147"
},
{
"name": "[oss-security] 20111028 Re: Request for CVE Identifier: bzexe insecure\ttemporary file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/10/28/16"
}
]
}
}

34
2011/4xxx/CVE-2011-4630.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4630",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4630",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2011/4xxx/CVE-2011-4785.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4785",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-4785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/521165"
},
{
"name" : "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"
},
{
"name" : "HPSBPI02733",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/521160"
},
{
"name" : "SSRT100646",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/521160"
},
{
"name" : "51329",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51329"
},
{
"name" : "78224",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78224"
},
{
"name" : "47457",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47457"
},
{
"name" : "hp-laserjet-unspecified-unauth-access(72227)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBPI02733",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"name": "78224",
"refsource": "OSVDB",
"url": "http://osvdb.org/78224"
},
{
"name": "47457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47457"
},
{
"name": "SSRT100646",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"
},
{
"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/521165"
},
{
"name": "hp-laserjet-unspecified-unauth-access(72227)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"
},
{
"name": "51329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51329"
}
]
}
}

150
2013/5xxx/CVE-2013-5648.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \\ (backslash) in a DDOC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-3.6.0.0-security-fix-DataFile-name-tag.patch?revision=472660&view=markup",
"refsource" : "CONFIRM",
"url" : "http://svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-3.6.0.0-security-fix-DataFile-name-tag.patch?revision=472660&view=markup"
},
{
"name" : "http://www.id.ee/?lang=en&id=34283#3_7_2",
"refsource" : "CONFIRM",
"url" : "http://www.id.ee/?lang=en&id=34283#3_7_2"
},
{
"name" : "https://bugs.mageia.org/show_bug.cgi?id=11100",
"refsource" : "CONFIRM",
"url" : "https://bugs.mageia.org/show_bug.cgi?id=11100"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1002299",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1002299"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \\ (backslash) in a DDOC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.id.ee/?lang=en&id=34283#3_7_2",
"refsource": "CONFIRM",
"url": "http://www.id.ee/?lang=en&id=34283#3_7_2"
},
{
"name": "https://bugs.mageia.org/show_bug.cgi?id=11100",
"refsource": "CONFIRM",
"url": "https://bugs.mageia.org/show_bug.cgi?id=11100"
},
{
"name": "http://svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-3.6.0.0-security-fix-DataFile-name-tag.patch?revision=472660&view=markup",
"refsource": "CONFIRM",
"url": "http://svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-3.6.0.0-security-fix-DataFile-name-tag.patch?revision=472660&view=markup"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1002299",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002299"
}
]
}
}

150
2014/2xxx/CVE-2014-2118.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33542",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33542"
},
{
"name" : "20140327 Cisco Prime Security Manager Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118"
},
{
"name" : "66488",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66488"
},
{
"name" : "1029968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66488"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33542",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33542"
},
{
"name": "1029968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029968"
},
{
"name": "20140327 Cisco Prime Security Manager Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118"
}
]
}
}

170
2014/2xxx/CVE-2014-2124.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2124",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33413",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33413"
},
{
"name" : "20140319 Cisco IOS Software Sup2T Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2124"
},
{
"name" : "66301",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66301"
},
{
"name" : "1029942",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029942"
},
{
"name" : "57515",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57515"
},
{
"name" : "ciscoios-cve20142124-dos(91904)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91904"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33413",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33413"
},
{
"name": "1029942",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029942"
},
{
"name": "66301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66301"
},
{
"name": "20140319 Cisco IOS Software Sup2T Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2124"
},
{
"name": "57515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57515"
},
{
"name": "ciscoios-cve20142124-dos(91904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91904"
}
]
}
}

34
2014/2xxx/CVE-2014-2569.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2569",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2569",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2014/2xxx/CVE-2014-2622.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-2622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBHF02913",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484"
},
{
"name" : "SSRT101552",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484"
},
{
"name" : "68547",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68547"
},
{
"name" : "1030568",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030568"
},
{
"name" : "hp-imc-cve20142622-info-disc(94492)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94492"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hp-imc-cve20142622-info-disc(94492)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94492"
},
{
"name": "HPSBHF02913",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484"
},
{
"name": "SSRT101552",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484"
},
{
"name": "1030568",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030568"
},
{
"name": "68547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68547"
}
]
}
}

120
2014/6xxx/CVE-2014-6366.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-080",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-080",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
}
]
}
}

140
2014/6xxx/CVE-2014-6851.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6851",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The New Beginnings CFC (aka com.goodbarber.nbcfc) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#336889",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/336889"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The New Beginnings CFC (aka com.goodbarber.nbcfc) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#336889",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/336889"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6990.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6990",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Albasit artes y danza (aka com.adianteventures.adianteapps.albasit_artes_y_danza) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#561289",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/561289"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Albasit artes y danza (aka com.adianteventures.adianteapps.albasit_artes_y_danza) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#561289",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/561289"
}
]
}
}

34
2014/7xxx/CVE-2014-7322.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7322",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7322",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/7xxx/CVE-2014-7547.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7547",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimitedholdem) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#785601",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/785601"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimitedholdem) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#785601",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/785601"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7596.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7596",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Paramore (aka uk.co.pixelkicks.paramore) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#455161",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/455161"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Paramore (aka uk.co.pixelkicks.paramore) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#455161",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/455161"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7600.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7600",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7600",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

150
2017/0xxx/CVE-2017-0202.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Internet Explorer",
"version" : {
"version_data" : [
{
"version_value" : "Internet Explorer 11"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "Internet Explorer 11"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41941",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41941/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0202",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0202"
},
{
"name" : "97441",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97441"
},
{
"name" : "1038238",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038238"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0202",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0202"
},
{
"name": "41941",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41941/"
},
{
"name": "1038238",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038238"
},
{
"name": "97441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97441"
}
]
}
}

34
2017/0xxx/CVE-2017-0206.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0206",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0206",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/0xxx/CVE-2017-0344.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"ID" : "CVE-2017-0344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "GPU Display Driver",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical memory, leading to escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure, Escalation of Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2017-0344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4462",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4462"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical memory, leading to escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure, Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462"
}
]
}
}

158
2017/0xxx/CVE-2017-0415.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
},
{
"version_value" : "Android-7.1.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-02-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-02-01.html"
},
{
"name" : "96089",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96089"
},
{
"name" : "1037798",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96089"
},
{
"name": "1037798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037798"
},
{
"name": "https://source.android.com/security/bulletin/2017-02-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-02-01.html"
}
]
}
}

132
2017/0xxx/CVE-2017-0670.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-07-05T00:00:00",
"ID" : "CVE-2017-0670",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-07-05T00:00:00",
"ID": "CVE-2017-0670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "99470",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99470"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99470"
},
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
}
]
}
}

120
2017/1000xxx/CVE-2017-1000203.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"ID" : "CVE-2017-1000203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1000203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e",
"refsource" : "CONFIRM",
"url" : "https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e",
"refsource": "CONFIRM",
"url": "https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e"
}
]
}
}

132
2017/18xxx/CVE-2017-18081.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-02-02T00:00:00",
"ID" : "CVE-2017-18081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Bamboo",
"version" : {
"version_data" : [
{
"version_value" : "prior to 6.3.1"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-02-02T00:00:00",
"ID": "CVE-2017-18081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bamboo",
"version": {
"version_data": [
{
"version_value": "prior to 6.3.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/BAM-19665",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/BAM-19665"
},
{
"name" : "103087",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103087"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/BAM-19665",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/BAM-19665"
},
{
"name": "103087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103087"
}
]
}
}

160
2017/1xxx/CVE-2017-1155.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1155",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Algo One",
"version" : {
"version_data" : [
{
"version_value" : "4.7"
},
{
"version_value" : "4.7.1"
},
{
"version_value" : "4.8"
},
{
"version_value" : "4.9.1"
},
{
"version_value" : "5.0.0"
},
{
"version_value" : "5.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Algo One",
"version": {
"version_data": [
{
"version_value": "4.7"
},
{
"version_value": "4.7.1"
},
{
"version_value": "4.8"
},
{
"version_value": "4.9.1"
},
{
"version_value": "5.0.0"
},
{
"version_value": "5.1.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21999754",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21999754"
},
{
"name" : "96968",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21999754",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21999754"
},
{
"name": "96968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96968"
}
]
}
}

34
2017/1xxx/CVE-2017-1390.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1390",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1390",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/1xxx/CVE-2017-1393.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1393",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1393",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2017/5xxx/CVE-2017-5193.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170106 Re: CVE Request: Irssi Multiple Vulnerabilities (2017/01)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/06/1"
},
{
"name" : "[debian-lts-announce] 20171223 [SECURITY] [DLA 1217-1] irssi security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html"
},
{
"name" : "https://irssi.org/security/irssi_sa_2017_01.txt",
"refsource" : "CONFIRM",
"url" : "https://irssi.org/security/irssi_sa_2017_01.txt"
},
{
"name" : "GLSA-201701-45",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-45"
},
{
"name" : "95310",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170106 Re: CVE Request: Irssi Multiple Vulnerabilities (2017/01)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/06/1"
},
{
"name": "[debian-lts-announce] 20171223 [SECURITY] [DLA 1217-1] irssi security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html"
},
{
"name": "https://irssi.org/security/irssi_sa_2017_01.txt",
"refsource": "CONFIRM",
"url": "https://irssi.org/security/irssi_sa_2017_01.txt"
},
{
"name": "95310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95310"
},
{
"name": "GLSA-201701-45",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-45"
}
]
}
}

130
2017/5xxx/CVE-2017-5216.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5216",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the \"Import to Phonebook\" option. When a specially designed malicious file containing special characters is loaded, the overflow occurs. 12.51 is the fixed version. The Support case ref is 00109744."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/release_notes/NetopRemoteControl_12.51_ModificationNotes_final.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/release_notes/NetopRemoteControl_12.51_ModificationNotes_final.pdf"
},
{
"name" : "95316",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the \"Import to Phonebook\" option. When a specially designed malicious file containing special characters is loaded, the overflow occurs. 12.51 is the fixed version. The Support case ref is 00109744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/release_notes/NetopRemoteControl_12.51_ModificationNotes_final.pdf",
"refsource": "CONFIRM",
"url": "http://www.netop.com/fileadmin/netop/resources/products/administration/remote_control/release_notes/NetopRemoteControl_12.51_ModificationNotes_final.pdf"
},
{
"name": "95316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95316"
}
]
}
}

130
2017/5xxx/CVE-2017-5665.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c/"
},
{
"name" : "95906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95906"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95906"
},
{
"name": "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c/"
}
]
}
}

132
2017/5xxx/CVE-2017-5823.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-05-11T00:00:00",
"ID" : "CVE-2017-5823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intelligent Management Center (iMC) PLAT",
"version" : {
"version_data" : [
{
"version_value" : "PLAT 7.3 E0504P04"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-05-11T00:00:00",
"ID": "CVE-2017-5823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Management Center (iMC) PLAT",
"version": {
"version_data": [
{
"version_value": "PLAT 7.3 E0504P04"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us"
},
{
"name" : "1038560",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038560"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038560",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038560"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us"
}
]
}
}