admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:09:57 +00:00
parent dcf14a4400
commit 6ad43aa598
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4665 additions and 4665 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2006/0xxx/CVE-2006-0177.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060110 SUID root overflows in UNICOS and partial shellcode",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0343.html"
},
{
"name" : "16205",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16205"
},
{
"name" : "unicos-command-line-bo(24276)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24276"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16205"
},
{
"name": "unicos-command-line-bo(24276)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24276"
},
{
"name": "20060110 SUID root overflows in UNICOS and partial shellcode",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0343.html"
}
]
}
}

150
2006/0xxx/CVE-2006-0501.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0501",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060131 MyCO multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423565/100/0/threaded"
},
{
"name" : "20060201 Re: MyCO multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423696/100/0/threaded"
},
{
"name" : "16444",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16444"
},
{
"name" : "myco-name-xss(24439)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24439"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16444"
},
{
"name": "20060131 MyCO multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423565/100/0/threaded"
},
{
"name": "20060201 Re: MyCO multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423696/100/0/threaded"
},
{
"name": "myco-name-xss(24439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24439"
}
]
}
}

430
2006/0xxx/CVE-2006-0744.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-0744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm"
},
{
"name" : "DSA-1103",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1103"
},
{
"name" : "FEDORA-2006-423",
"refsource" : "FEDORA",
"url" : "http://lwn.net/Alerts/180820/"
},
{
"name" : "MDKSA-2006:086",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086"
},
{
"name" : "MDKSA-2006:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150"
},
{
"name" : "RHSA-2006:0493",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0493.html"
},
{
"name" : "RHSA-2006:0437",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0437.html"
},
{
"name" : "SUSE-SA:2006:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name" : "SUSE-SA:2006:042",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"name" : "SUSE-SA:2006:047",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_47_kernel.html"
},
{
"name" : "USN-302-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name" : "17541",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17541"
},
{
"name" : "oval:org.mitre.oval:def:9732",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9732"
},
{
"name" : "ADV-2006-1390",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1390"
},
{
"name" : "ADV-2006-2554",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name" : "ADV-2006-1475",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1475"
},
{
"name" : "24639",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24639"
},
{
"name" : "19639",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19639"
},
{
"name" : "19735",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19735"
},
{
"name" : "20157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20157"
},
{
"name" : "20237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20237"
},
{
"name" : "20716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20716"
},
{
"name" : "20914",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20914"
},
{
"name" : "21136",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21136"
},
{
"name" : "21179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21179"
},
{
"name" : "21745",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21745"
},
{
"name" : "20398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20398"
},
{
"name" : "21983",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21983"
},
{
"name" : "21498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21498"
},
{
"name" : "linux-uncanonical-addr-dos(25869)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25869"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"
},
{
"name": "linux-uncanonical-addr-dos(25869)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25869"
},
{
"name": "RHSA-2006:0493",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html"
},
{
"name": "RHSA-2006:0437",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0437.html"
},
{
"name": "SUSE-SA:2006:042",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"name": "19735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19735"
},
{
"name": "ADV-2006-2554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name": "20716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20716"
},
{
"name": "FEDORA-2006-423",
"refsource": "FEDORA",
"url": "http://lwn.net/Alerts/180820/"
},
{
"name": "21745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21745"
},
{
"name": "SUSE-SA:2006:047",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_47_kernel.html"
},
{
"name": "21136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21136"
},
{
"name": "MDKSA-2006:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150"
},
{
"name": "19639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19639"
},
{
"name": "USN-302-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name": "21983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21983"
},
{
"name": "SUSE-SA:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name": "ADV-2006-1390",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1390"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm"
},
{
"name": "DSA-1103",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1103"
},
{
"name": "17541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17541"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5"
},
{
"name": "ADV-2006-1475",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1475"
},
{
"name": "24639",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24639"
},
{
"name": "21498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21498"
},
{
"name": "20237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20237"
},
{
"name": "20398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20398"
},
{
"name": "oval:org.mitre.oval:def:9732",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9732"
},
{
"name": "MDKSA-2006:086",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086"
},
{
"name": "20157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20157"
},
{
"name": "21179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21179"
},
{
"name": "20914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20914"
}
]
}
}

150
2006/0xxx/CVE-2006-0910.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060221 Invision Power Board 2.1.4 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425713/100/0/threaded"
},
{
"name" : "http://neosecurityteam.net/advisories/Advisory-16.txt",
"refsource" : "MISC",
"url" : "http://neosecurityteam.net/advisories/Advisory-16.txt"
},
{
"name" : "http://neosecurityteam.net/index.php?action=advisories&id=16",
"refsource" : "MISC",
"url" : "http://neosecurityteam.net/index.php?action=advisories&id=16"
},
{
"name" : "invisionpowerboard-multiple-info-disclosure(24840)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "invisionpowerboard-multiple-info-disclosure(24840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840"
},
{
"name": "20060221 Invision Power Board 2.1.4 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425713/100/0/threaded"
},
{
"name": "http://neosecurityteam.net/index.php?action=advisories&id=16",
"refsource": "MISC",
"url": "http://neosecurityteam.net/index.php?action=advisories&id=16"
},
{
"name": "http://neosecurityteam.net/advisories/Advisory-16.txt",
"refsource": "MISC",
"url": "http://neosecurityteam.net/advisories/Advisory-16.txt"
}
]
}
}

210
2006/3xxx/CVE-2006-3139.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080213 Re: Vwar New Bug",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488118/100/200/threaded"
},
{
"name" : "20080213 Vwar New Bug",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-02/0186.html"
},
{
"name" : "http://pridels0.blogspot.com/2006/06/virtual-war-multiple-sql-inj-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/virtual-war-multiple-sql-inj-vuln.html"
},
{
"name" : "20060814 Virtual War v1.5.0 SQL injection and XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443171/100/0/threaded"
},
{
"name" : "27772",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27772"
},
{
"name" : "ADV-2006-2383",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2383"
},
{
"name" : "26533",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26533"
},
{
"name" : "20696",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20696"
},
{
"name" : "virtualwar-war-sql-injection(27153)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27153"
},
{
"name" : "virtualwar-warphp-sql-injection(40481)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060814 Virtual War v1.5.0 SQL injection and XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443171/100/0/threaded"
},
{
"name": "20080213 Re: Vwar New Bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488118/100/200/threaded"
},
{
"name": "virtualwar-war-sql-injection(27153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27153"
},
{
"name": "http://pridels0.blogspot.com/2006/06/virtual-war-multiple-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/virtual-war-multiple-sql-inj-vuln.html"
},
{
"name": "20696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20696"
},
{
"name": "ADV-2006-2383",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2383"
},
{
"name": "20080213 Vwar New Bug",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0186.html"
},
{
"name": "26533",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26533"
},
{
"name": "27772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27772"
},
{
"name": "virtualwar-warphp-sql-injection(40481)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40481"
}
]
}
}

140
2006/3xxx/CVE-2006-3205.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437875/100/0/threaded"
},
{
"name" : "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt",
"refsource" : "MISC",
"url" : "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt"
},
{
"name" : "1138",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt",
"refsource": "MISC",
"url": "http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt"
},
{
"name": "1138",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1138"
},
{
"name": "20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437875/100/0/threaded"
}
]
}
}

190
2006/3xxx/CVE-2006-3358.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3358",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of these vectors are resultant from an SQL injection issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060629 NewsPHP 2006 PRO XSS SQL injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438858/100/0/threaded"
},
{
"name" : "18726",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18726"
},
{
"name" : "ADV-2006-2640",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2640"
},
{
"name" : "26976",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26976"
},
{
"name" : "26977",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26977"
},
{
"name" : "20943",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20943"
},
{
"name" : "1188",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1188"
},
{
"name" : "newsphp-multiple-parameters-xss(27508)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27508"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of these vectors are resultant from an SQL injection issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26976",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26976"
},
{
"name": "20943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20943"
},
{
"name": "18726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18726"
},
{
"name": "1188",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1188"
},
{
"name": "newsphp-multiple-parameters-xss(27508)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27508"
},
{
"name": "26977",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26977"
},
{
"name": "20060629 NewsPHP 2006 PRO XSS SQL injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438858/100/0/threaded"
},
{
"name": "ADV-2006-2640",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2640"
}
]
}
}

200
2006/3xxx/CVE-2006-3480.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.joomla.org/content/view/1510/74/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/1510/74/"
},
{
"name" : "http://www.joomla.org/content/view/1511/78/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/1511/78/"
},
{
"name" : "18742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18742"
},
{
"name" : "ADV-2006-2608",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2608"
},
{
"name" : "26913",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26913"
},
{
"name" : "26917",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26917"
},
{
"name" : "26918",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26918"
},
{
"name" : "20874",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20874"
},
{
"name" : "joomla-multiple-xss(27521)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27521"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "joomla-multiple-xss(27521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27521"
},
{
"name": "ADV-2006-2608",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2608"
},
{
"name": "18742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18742"
},
{
"name": "26917",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26917"
},
{
"name": "http://www.joomla.org/content/view/1510/74/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/1510/74/"
},
{
"name": "26918",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26918"
},
{
"name": "26913",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26913"
},
{
"name": "20874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20874"
},
{
"name": "http://www.joomla.org/content/view/1511/78/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/1511/78/"
}
]
}
}

130
2006/3xxx/CVE-2006-3577.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/LifeType105SQLInjJuly052006.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/LifeType105SQLInjJuly052006.pl"
},
{
"name" : "18835",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18835"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18835"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/LifeType105SQLInjJuly052006.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/LifeType105SQLInjJuly052006.pl"
}
]
}
}

170
2006/3xxx/CVE-2006-3689.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3689",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that \" the myadmindir variable is set before any GET variables are processed.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060714 SubberZ[Lite] - Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440139/100/0/threaded"
},
{
"name" : "20060717 Re: SubberZ[Lite] - Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440864/100/100/threaded"
},
{
"name" : "18990",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18990"
},
{
"name" : "28592",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28592"
},
{
"name" : "1246",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1246"
},
{
"name" : "subberzlite-userfunc-file-include(27748)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that \" the myadmindir variable is set before any GET variables are processed.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "subberzlite-userfunc-file-include(27748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27748"
},
{
"name": "20060717 Re: SubberZ[Lite] - Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440864/100/100/threaded"
},
{
"name": "20060714 SubberZ[Lite] - Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440139/100/0/threaded"
},
{
"name": "28592",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28592"
},
{
"name": "1246",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1246"
},
{
"name": "18990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18990"
}
]
}
}

340
2006/4xxx/CVE-2006-4226.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[commits] 20060504 bk commit into 4.1 tree (bar:1.2474)",
"refsource" : "MLIST",
"url" : "http://lists.mysql.com/commits/5927"
},
{
"name" : "http://bugs.mysql.com/bug.php?id=17647",
"refsource" : "MISC",
"url" : "http://bugs.mysql.com/bug.php?id=17647"
},
{
"name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html",
"refsource" : "CONFIRM",
"url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305214",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name" : "APPLE-SA-2007-03-13",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name" : "DSA-1169",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1169"
},
{
"name" : "MDKSA-2006:149",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:149"
},
{
"name" : "RHSA-2007:0083",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0083.html"
},
{
"name" : "RHSA-2007:0152",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0152.html"
},
{
"name" : "SUSE-SR:2006:023",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name" : "TA07-072A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name" : "19559",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19559"
},
{
"name" : "oval:org.mitre.oval:def:10729",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10729"
},
{
"name" : "ADV-2006-3306",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3306"
},
{
"name" : "ADV-2007-0930",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name" : "1016710",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016710"
},
{
"name" : "21506",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21506"
},
{
"name" : "21762",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21762"
},
{
"name" : "21627",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21627"
},
{
"name" : "22080",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22080"
},
{
"name" : "24479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24479"
},
{
"name" : "24744",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24744"
},
{
"name" : "mysql-case-privilege-escalation(28448)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28448"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10729",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10729"
},
{
"name": "21627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21627"
},
{
"name": "1016710",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016710"
},
{
"name": "RHSA-2007:0152",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0152.html"
},
{
"name": "TA07-072A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "21762",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21762"
},
{
"name": "ADV-2006-3306",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3306"
},
{
"name": "SUSE-SR:2006:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name": "APPLE-SA-2007-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "21506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21506"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305214",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "24744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24744"
},
{
"name": "19559",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19559"
},
{
"name": "mysql-case-privilege-escalation(28448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28448"
},
{
"name": "MDKSA-2006:149",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:149"
},
{
"name": "22080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22080"
},
{
"name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html"
},
{
"name": "http://bugs.mysql.com/bug.php?id=17647",
"refsource": "MISC",
"url": "http://bugs.mysql.com/bug.php?id=17647"
},
{
"name": "[commits] 20060504 bk commit into 4.1 tree (bar:1.2474)",
"refsource": "MLIST",
"url": "http://lists.mysql.com/commits/5927"
},
{
"name": "DSA-1169",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1169"
},
{
"name": "ADV-2007-0930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "RHSA-2007:0083",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0083.html"
},
{
"name": "24479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24479"
}
]
}
}

180
2006/4xxx/CVE-2006-4721.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070319 CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/463191/100/0/threaded"
},
{
"name" : "20070319 Re: CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/463217/100/0/threaded"
},
{
"name" : "2333",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2333"
},
{
"name" : "http://sn4k3.persiangig.com/Expl0it/CCleaguePro_V1.0.1RC1%20Directory%20Traversal%20Vulnerability.txt",
"refsource" : "MISC",
"url" : "http://sn4k3.persiangig.com/Expl0it/CCleaguePro_V1.0.1RC1%20Directory%20Traversal%20Vulnerability.txt"
},
{
"name" : "http://unkn0wn.awardspace.com/Blog/?p=46",
"refsource" : "MISC",
"url" : "http://unkn0wn.awardspace.com/Blog/?p=46"
},
{
"name" : "ADV-2006-3549",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3549"
},
{
"name" : "21843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21843"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21843"
},
{
"name": "20070319 Re: CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463217/100/0/threaded"
},
{
"name": "ADV-2006-3549",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3549"
},
{
"name": "2333",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2333"
},
{
"name": "20070319 CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463191/100/0/threaded"
},
{
"name": "http://sn4k3.persiangig.com/Expl0it/CCleaguePro_V1.0.1RC1%20Directory%20Traversal%20Vulnerability.txt",
"refsource": "MISC",
"url": "http://sn4k3.persiangig.com/Expl0it/CCleaguePro_V1.0.1RC1%20Directory%20Traversal%20Vulnerability.txt"
},
{
"name": "http://unkn0wn.awardspace.com/Blog/?p=46",
"refsource": "MISC",
"url": "http://unkn0wn.awardspace.com/Blog/?p=46"
}
]
}
}

140
2010/2xxx/CVE-2010-2114.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cross-site-scripting.blogspot.com/2010/05/brekeke-pbx-2448-cross-site-request.html",
"refsource" : "MISC",
"url" : "http://cross-site-scripting.blogspot.com/2010/05/brekeke-pbx-2448-cross-site-request.html"
},
{
"name" : "64950",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64950"
},
{
"name" : "39952",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39952"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cross-site-scripting.blogspot.com/2010/05/brekeke-pbx-2448-cross-site-request.html",
"refsource": "MISC",
"url": "http://cross-site-scripting.blogspot.com/2010/05/brekeke-pbx-2448-cross-site-request.html"
},
{
"name": "64950",
"refsource": "OSVDB",
"url": "http://osvdb.org/64950"
},
{
"name": "39952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39952"
}
]
}
}

310
2010/2xxx/CVE-2010-2221.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2221",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100702 TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html"
},
{
"name" : "20100702 TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html"
},
{
"name" : "[iscsitarget-devel] 20100701 [patch] fix iSNS bounds checking",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel"
},
{
"name" : "[stgt] 20100701 1.0.6 released",
"refsource" : "MLIST",
"url" : "http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html"
},
{
"name" : "http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793",
"refsource" : "CONFIRM",
"url" : "http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793"
},
{
"name" : "http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793",
"refsource" : "CONFIRM",
"url" : "http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=593877",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=593877"
},
{
"name" : "MDVSA-2010:131",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:131"
},
{
"name" : "RHSA-2010:0518",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0518.html"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "41327",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41327"
},
{
"name" : "65990",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/65990"
},
{
"name" : "65991",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/65991"
},
{
"name" : "65992",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/65992"
},
{
"name" : "1024175",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024175"
},
{
"name" : "40485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40485"
},
{
"name" : "40494",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40494"
},
{
"name" : "40495",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40495"
},
{
"name" : "ADV-2010-1760",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1760"
},
{
"name" : "ADV-2010-1786",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1786"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793",
"refsource": "CONFIRM",
"url": "http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793"
},
{
"name": "20100702 TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html"
},
{
"name": "ADV-2010-1760",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1760"
},
{
"name": "20100702 TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html"
},
{
"name": "65992",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65992"
},
{
"name": "MDVSA-2010:131",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:131"
},
{
"name": "65990",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65990"
},
{
"name": "41327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41327"
},
{
"name": "RHSA-2010:0518",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0518.html"
},
{
"name": "65991",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65991"
},
{
"name": "[iscsitarget-devel] 20100701 [patch] fix iSNS bounds checking",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel"
},
{
"name": "40485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40485"
},
{
"name": "[stgt] 20100701 1.0.6 released",
"refsource": "MLIST",
"url": "http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=593877",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=593877"
},
{
"name": "40494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40494"
},
{
"name": "http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793",
"refsource": "CONFIRM",
"url": "http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793"
},
{
"name": "ADV-2010-1786",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1786"
},
{
"name": "1024175",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024175"
},
{
"name": "40495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40495"
}
]
}
}

130
2010/2xxx/CVE-2010-2268.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
"refsource" : "MISC",
"url" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
},
{
"name" : "VU#245081",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/245081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
"refsource": "MISC",
"url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
},
{
"name": "VU#245081",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/245081"
}
]
}
}

180
2010/2xxx/CVE-2010-2351.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13906",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13906"
},
{
"name" : "http://www.stratsec.net/Research/Advisories/SS-2010-006-Netware-SMB-Remote-Stack-Overflow",
"refsource" : "MISC",
"url" : "http://www.stratsec.net/Research/Advisories/SS-2010-006-Netware-SMB-Remote-Stack-Overflow"
},
{
"name" : "http://download.novell.com/Download?buildid=tMWCI1cdI7s~",
"refsource" : "CONFIRM",
"url" : "http://download.novell.com/Download?buildid=tMWCI1cdI7s~"
},
{
"name" : "40908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40908"
},
{
"name" : "40199",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40199"
},
{
"name" : "ADV-2010-1514",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1514"
},
{
"name" : "netware-cifsnlm-bo(59501)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.stratsec.net/Research/Advisories/SS-2010-006-Netware-SMB-Remote-Stack-Overflow",
"refsource": "MISC",
"url": "http://www.stratsec.net/Research/Advisories/SS-2010-006-Netware-SMB-Remote-Stack-Overflow"
},
{
"name": "netware-cifsnlm-bo(59501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59501"
},
{
"name": "40199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40199"
},
{
"name": "40908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40908"
},
{
"name": "ADV-2010-1514",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1514"
},
{
"name": "http://download.novell.com/Download?buildid=tMWCI1cdI7s~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=tMWCI1cdI7s~"
},
{
"name": "13906",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13906"
}
]
}
}

220
2010/2xxx/CVE-2010-2448.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026",
"refsource" : "MISC",
"url" : "http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929"
},
{
"name" : "http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view"
},
{
"name" : "http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision",
"refsource" : "CONFIRM",
"url" : "http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision"
},
{
"name" : "DSA-2069",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2069"
},
{
"name" : "FEDORA-2010-10042",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043000.html"
},
{
"name" : "FEDORA-2010-10078",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043043.html"
},
{
"name" : "FEDORA-2010-10082",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043044.html"
},
{
"name" : "40982",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40982"
},
{
"name" : "40523",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40523"
},
{
"name" : "ADV-2010-1775",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1775"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026",
"refsource": "MISC",
"url": "http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026"
},
{
"name": "ADV-2010-1775",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1775"
},
{
"name": "FEDORA-2010-10078",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043043.html"
},
{
"name": "40523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40523"
},
{
"name": "http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view"
},
{
"name": "40982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40982"
},
{
"name": "http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision",
"refsource": "CONFIRM",
"url": "http://znc.svn.sourceforge.net/viewvc/znc?revision=2026&view=revision"
},
{
"name": "FEDORA-2010-10042",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043000.html"
},
{
"name": "FEDORA-2010-10082",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043044.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929"
},
{
"name": "DSA-2069",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2069"
}
]
}
}

150
2010/2xxx/CVE-2010-2715.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14203",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14203"
},
{
"name" : "41382",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41382"
},
{
"name" : "ADV-2010-1696",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1696"
},
{
"name" : "tcwphpalbum-index-xss(60078)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60078"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41382"
},
{
"name": "ADV-2010-1696",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1696"
},
{
"name": "14203",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14203"
},
{
"name": "tcwphpalbum-index-xss(60078)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60078"
}
]
}
}

150
2010/3xxx/CVE-2010-3345.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"HTML Element Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-090",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
},
{
"name" : "TA10-348A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name" : "oval:org.mitre.oval:def:11849",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11849"
},
{
"name" : "1024872",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024872"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"HTML Element Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11849",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11849"
},
{
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "MS10-090",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
},
{
"name": "1024872",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024872"
}
]
}
}

190
2010/3xxx/CVE-2010-3801.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-3801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-259/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-259/"
},
{
"name" : "http://support.apple.com/kb/HT4447",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4447"
},
{
"name" : "http://support.apple.com/kb/HT4581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4581"
},
{
"name" : "APPLE-SA-2010-12-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html"
},
{
"name" : "APPLE-SA-2011-03-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name" : "69755",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69755"
},
{
"name" : "oval:org.mitre.oval:def:15642",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15642"
},
{
"name" : "1024830",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024830"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69755",
"refsource": "OSVDB",
"url": "http://osvdb.org/69755"
},
{
"name": "APPLE-SA-2010-12-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-259/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-259/"
},
{
"name": "http://support.apple.com/kb/HT4447",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4447"
},
{
"name": "oval:org.mitre.oval:def:15642",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15642"
},
{
"name": "1024830",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024830"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
}

160
2011/0xxx/CVE-2011-0257.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17777",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17777"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-252/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-252/"
},
{
"name" : "http://support.apple.com/kb/HT4826",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4826"
},
{
"name" : "oval:org.mitre.oval:def:16059",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16059"
},
{
"name" : "8365",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4826",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4826"
},
{
"name": "8365",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8365"
},
{
"name": "17777",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17777"
},
{
"name": "oval:org.mitre.oval:def:16059",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16059"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-252/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-252/"
}
]
}
}

190
2011/0xxx/CVE-2011-0565.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0585."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name" : "RHSA-2011:0301",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name" : "46204",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46204"
},
{
"name" : "oval:org.mitre.oval:def:12606",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12606"
},
{
"name" : "1025033",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025033"
},
{
"name" : "43470",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43470"
},
{
"name" : "ADV-2011-0337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name" : "ADV-2011-0492",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0492"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0585."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0492",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0492"
},
{
"name": "43470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43470"
},
{
"name": "RHSA-2011:0301",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name": "46204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46204"
},
{
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "oval:org.mitre.oval:def:12606",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12606"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
}
]
}
}

140
2011/0xxx/CVE-2011-0822.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0822",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Streams, AQ & Replication Mgmt component in Oracle Database Server 10.1.0.5 and 10.2.0.3, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "TA11-201A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Streams, AQ & Replication Mgmt component in Oracle Database Server 10.1.0.5 and 10.2.0.3, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
}
]
}
}

34
2011/0xxx/CVE-2011-0907.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0907",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0907",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

230
2011/1xxx/CVE-2011-1147.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"name" : "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2011-002.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
},
{
"name" : "DSA-2225",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2225"
},
{
"name" : "FEDORA-2011-2360",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"name" : "FEDORA-2011-2438",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"name" : "FEDORA-2011-2558",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"name" : "46474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46474"
},
{
"name" : "1025101",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025101"
},
{
"name" : "43429",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43429"
},
{
"name" : "43702",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43702"
},
{
"name" : "ADV-2011-0635",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0635"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43702"
},
{
"name": "46474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46474"
},
{
"name": "DSA-2225",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2225"
},
{
"name": "43429",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43429"
},
{
"name": "FEDORA-2011-2438",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html"
},
{
"name": "ADV-2011-0635",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0635"
},
{
"name": "[oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/2"
},
{
"name": "FEDORA-2011-2360",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html"
},
{
"name": "FEDORA-2011-2558",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html"
},
{
"name": "1025101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025101"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/11/8"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2011-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2011-002.html"
}
]
}
}

220
2011/1xxx/CVE-2011-1156.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update",
"refsource" : "MLIST",
"url" : "http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html"
},
{
"name" : "[oss-security] 20110314 CVE request for python-feedparser",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/14/18"
},
{
"name" : "[oss-security] 20110315 Re: CVE request for python-feedparser",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/15/11"
},
{
"name" : "http://support.novell.com/security/cve/CVE-2011-1156.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/security/cve/CVE-2011-1156.html"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=680074",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=680074"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=684877",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=684877"
},
{
"name" : "https://code.google.com/p/feedparser/issues/detail?id=91",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/feedparser/issues/detail?id=91"
},
{
"name" : "MDVSA-2011:082",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:082"
},
{
"name" : "46867",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46867"
},
{
"name" : "43730",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43730"
},
{
"name" : "44074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44074"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110314 CVE request for python-feedparser",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/18"
},
{
"name": "http://support.novell.com/security/cve/CVE-2011-1156.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/security/cve/CVE-2011-1156.html"
},
{
"name": "43730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43730"
},
{
"name": "https://code.google.com/p/feedparser/issues/detail?id=91",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/feedparser/issues/detail?id=91"
},
{
"name": "46867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46867"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=684877",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=684877"
},
{
"name": "44074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44074"
},
{
"name": "[oss-security] 20110315 Re: CVE request for python-feedparser",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/15/11"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=680074",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=680074"
},
{
"name": "MDVSA-2011:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:082"
}
]
}
}

180
2011/1xxx/CVE-2011-1607.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1607",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html"
},
{
"name" : "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml"
},
{
"name" : "47608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47608"
},
{
"name" : "1025449",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025449"
},
{
"name" : "44331",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44331"
},
{
"name" : "ADV-2011-1122",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1122"
},
{
"name" : "cisco-ucm-dir-traversal(67127)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67127"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-ucm-dir-traversal(67127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67127"
},
{
"name": "44331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44331"
},
{
"name": "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html"
},
{
"name": "1025449",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025449"
},
{
"name": "ADV-2011-1122",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1122"
},
{
"name": "47608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47608"
},
{
"name": "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml"
}
]
}
}

170
2011/1xxx/CVE-2011-1721.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in php/partie_administrateur/administration.php in WebJaxe 1.02 allows remote attackers to hijack the authentication of administrators for requests that (1) modify passwords or (2) add new projects. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110412 HTB22927: CSRF (Cross-Site Request Forgery) in Webjaxe",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517434/100/0/threaded"
},
{
"name" : "http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_webjaxe.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_webjaxe.html"
},
{
"name" : "71844",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71844"
},
{
"name" : "44118",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44118"
},
{
"name" : "8212",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8212"
},
{
"name" : "webjaxe-administration-csrf(66757)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66757"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in php/partie_administrateur/administration.php in WebJaxe 1.02 allows remote attackers to hijack the authentication of administrators for requests that (1) modify passwords or (2) add new projects. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_webjaxe.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_webjaxe.html"
},
{
"name": "20110412 HTB22927: CSRF (Cross-Site Request Forgery) in Webjaxe",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517434/100/0/threaded"
},
{
"name": "71844",
"refsource": "OSVDB",
"url": "http://osvdb.org/71844"
},
{
"name": "44118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44118"
},
{
"name": "webjaxe-administration-csrf(66757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66757"
},
{
"name": "8212",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8212"
}
]
}
}

200
2011/1xxx/CVE-2011-1725.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-1725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02666",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02789514"
},
{
"name" : "SSRT100434",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02789514"
},
{
"name" : "47550",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47550"
},
{
"name" : "72049",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72049"
},
{
"name" : "1025435",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025435"
},
{
"name" : "44304",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44304"
},
{
"name" : "44319",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44319"
},
{
"name" : "ADV-2011-1090",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1090"
},
{
"name" : "hp-network-unspec-info-disclosure(67021)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67021"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44319",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44319"
},
{
"name": "hp-network-unspec-info-disclosure(67021)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67021"
},
{
"name": "HPSBMA02666",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02789514"
},
{
"name": "47550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47550"
},
{
"name": "44304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44304"
},
{
"name": "1025435",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025435"
},
{
"name": "72049",
"refsource": "OSVDB",
"url": "http://osvdb.org/72049"
},
{
"name": "ADV-2011-1090",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1090"
},
{
"name": "SSRT100434",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02789514"
}
]
}
}

200
2011/1xxx/CVE-2011-1823.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421/",
"refsource" : "MISC",
"url" : "http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421/"
},
{
"name" : "http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html",
"refsource" : "MISC",
"url" : "http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html"
},
{
"name" : "http://forum.xda-developers.com/showthread.php?t=1044765",
"refsource" : "MISC",
"url" : "http://forum.xda-developers.com/showthread.php?t=1044765"
},
{
"name" : "http://www.androidpolice.com/2011/05/03/google-patches-gingerbreak-exploit-but-dont-worry-we-still-have-root-for-now/",
"refsource" : "MISC",
"url" : "http://www.androidpolice.com/2011/05/03/google-patches-gingerbreak-exploit-but-dont-worry-we-still-have-root-for-now/"
},
{
"name" : "http://xorl.wordpress.com/2011/04/28/android-vold-mpartminors-signedness-issue/",
"refsource" : "MISC",
"url" : "http://xorl.wordpress.com/2011/04/28/android-vold-mpartminors-signedness-issue/"
},
{
"name" : "http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=b620a0b1c7ae486e979826200e8e441605b0a5d6",
"refsource" : "CONFIRM",
"url" : "http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=b620a0b1c7ae486e979826200e8e441605b0a5d6"
},
{
"name" : "http://android.git.kernel.org/?p=platform/system/netd.git;a=commit;h=79b579c92afc08ab12c0a5788d61f2dd2934836f",
"refsource" : "CONFIRM",
"url" : "http://android.git.kernel.org/?p=platform/system/netd.git;a=commit;h=79b579c92afc08ab12c0a5788d61f2dd2934836f"
},
{
"name" : "http://android.git.kernel.org/?p=platform/system/vold.git;a=commit;h=c51920c82463b240e2be0430849837d6fdc5352e",
"refsource" : "CONFIRM",
"url" : "http://android.git.kernel.org/?p=platform/system/vold.git;a=commit;h=c51920c82463b240e2be0430849837d6fdc5352e"
},
{
"name" : "android-vold-priv-escalation(67977)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67977"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://android.git.kernel.org/?p=platform/system/netd.git;a=commit;h=79b579c92afc08ab12c0a5788d61f2dd2934836f",
"refsource": "CONFIRM",
"url": "http://android.git.kernel.org/?p=platform/system/netd.git;a=commit;h=79b579c92afc08ab12c0a5788d61f2dd2934836f"
},
{
"name": "http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=b620a0b1c7ae486e979826200e8e441605b0a5d6",
"refsource": "CONFIRM",
"url": "http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=b620a0b1c7ae486e979826200e8e441605b0a5d6"
},
{
"name": "http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html",
"refsource": "MISC",
"url": "http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html"
},
{
"name": "http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421/",
"refsource": "MISC",
"url": "http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421/"
},
{
"name": "http://android.git.kernel.org/?p=platform/system/vold.git;a=commit;h=c51920c82463b240e2be0430849837d6fdc5352e",
"refsource": "CONFIRM",
"url": "http://android.git.kernel.org/?p=platform/system/vold.git;a=commit;h=c51920c82463b240e2be0430849837d6fdc5352e"
},
{
"name": "http://xorl.wordpress.com/2011/04/28/android-vold-mpartminors-signedness-issue/",
"refsource": "MISC",
"url": "http://xorl.wordpress.com/2011/04/28/android-vold-mpartminors-signedness-issue/"
},
{
"name": "android-vold-priv-escalation(67977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67977"
},
{
"name": "http://www.androidpolice.com/2011/05/03/google-patches-gingerbreak-exploit-but-dont-worry-we-still-have-root-for-now/",
"refsource": "MISC",
"url": "http://www.androidpolice.com/2011/05/03/google-patches-gingerbreak-exploit-but-dont-worry-we-still-have-root-for-now/"
},
{
"name": "http://forum.xda-developers.com/showthread.php?t=1044765",
"refsource": "MISC",
"url": "http://forum.xda-developers.com/showthread.php?t=1044765"
}
]
}
}

120
2011/5xxx/CVE-2011-5088.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5088",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a \"Workbench32/WebHMI component SetTrustedZone Policy vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf"
}
]
}
}

130
2011/5xxx/CVE-2011-5183.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18091",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18091"
},
{
"name" : "http://www.bioinformatics.org/phplabware/labwiki/index.php?page=release_notes",
"refsource" : "CONFIRM",
"url" : "http://www.bioinformatics.org/phplabware/labwiki/index.php?page=release_notes"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bioinformatics.org/phplabware/labwiki/index.php?page=release_notes",
"refsource": "CONFIRM",
"url": "http://www.bioinformatics.org/phplabware/labwiki/index.php?page=release_notes"
},
{
"name": "18091",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18091"
}
]
}
}

160
2014/3xxx/CVE-2014-3025.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678754",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"name" : "IV57241",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
},
{
"name" : "59570",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59570"
},
{
"name" : "59640",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59640"
},
{
"name" : "ibm-maximo-cve20143025-xss(93064)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"name": "59640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59640"
},
{
"name": "ibm-maximo-cve20143025-xss(93064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"name": "59570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59570"
},
{
"name": "IV57241",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
}
]
}
}

130
2014/3xxx/CVE-2014-3096.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692994",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692994"
},
{
"name" : "ibm-curam-cve20143096-xss(94264)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94264"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692994",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692994"
},
{
"name": "ibm-curam-cve20143096-xss(94264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94264"
}
]
}
}

140
2014/3xxx/CVE-2014-3828.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name" : "VU#298796",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/298796"
},
{
"name" : "70648",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70648"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"name": "70648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70648"
}
]
}
}

160
2014/3xxx/CVE-2014-3842.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3842",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "33076",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/33076"
},
{
"name" : "20140424 Multiple Vulnerabilities in iMember360 (Wordpress plugin)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/265"
},
{
"name" : "http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html"
},
{
"name" : "106299",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/106299"
},
{
"name" : "58094",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58094"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58094"
},
{
"name": "http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html"
},
{
"name": "33076",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33076"
},
{
"name": "106299",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/106299"
},
{
"name": "20140424 Multiple Vulnerabilities in iMember360 (Wordpress plugin)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/265"
}
]
}
}

140
2014/3xxx/CVE-2014-3945.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3945",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name" : "DSA-2942",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2942"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2942",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
]
}
}

150
2014/6xxx/CVE-2014-6322.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka \"Windows Audio Service Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-071",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-071"
},
{
"name" : "70978",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70978"
},
{
"name" : "1031191",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031191"
},
{
"name" : "59968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka \"Windows Audio Service Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70978"
},
{
"name": "59968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59968"
},
{
"name": "MS14-071",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-071"
},
{
"name": "1031191",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031191"
}
]
}
}

140
2014/6xxx/CVE-2014-6345.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Internet Explorer Cross-domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-065",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065"
},
{
"name" : "70942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70942"
},
{
"name" : "1031185",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031185"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Internet Explorer Cross-domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031185",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031185"
},
{
"name": "70942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70942"
},
{
"name": "MS14-065",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065"
}
]
}
}

140
2014/6xxx/CVE-2014-6726.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6726",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The 30A (aka com.app30a) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#832505",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/832505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 30A (aka com.app30a) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#832505",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/832505"
}
]
}
}

34
2014/7xxx/CVE-2014-7511.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7511",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7511",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/7xxx/CVE-2014-7801.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7801",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7801",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/7xxx/CVE-2014-7961.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7961",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7961",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8208.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8208",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8208",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

120
2014/8xxx/CVE-2014-8528.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053"
}
]
}
}

130
2016/2xxx/CVE-2016-2013.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2013",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564"
},
{
"name" : "1035767",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035767",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035767"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564"
}
]
}
}

130
2016/2xxx/CVE-2016-2350.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2350",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/",
"refsource" : "MISC",
"url" : "http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/"
},
{
"name" : "VU#505560",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/505560"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/",
"refsource": "MISC",
"url": "http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/"
},
{
"name": "VU#505560",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/505560"
}
]
}
}

140
2016/2xxx/CVE-2016-2417.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2417",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39685",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39685/"
},
{
"name" : "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39685",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39685/"
},
{
"name": "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84"
}
]
}
}

360
2016/2xxx/CVE-2016-2807.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2807",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-39.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-39.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1187420",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1187420"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1252707",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1252707"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1254164",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1254164"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1254622",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1254622"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1254876",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1254876"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3559",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3559"
},
{
"name" : "DSA-3576",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3576"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "RHSA-2016:1041",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1041.html"
},
{
"name" : "RHSA-2016:0695",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0695.html"
},
{
"name" : "openSUSE-SU-2016:1767",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name" : "openSUSE-SU-2016:1769",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name" : "openSUSE-SU-2016:1778",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name" : "openSUSE-SU-2016:1211",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html"
},
{
"name" : "SUSE-SU-2016:1258",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html"
},
{
"name" : "openSUSE-SU-2016:1251",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html"
},
{
"name" : "SUSE-SU-2016:1352",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1374",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html"
},
{
"name" : "USN-2936-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-1"
},
{
"name" : "USN-2936-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-2"
},
{
"name" : "USN-2936-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2936-3"
},
{
"name" : "USN-2973-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name" : "1035692",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035692"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1252707",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1252707"
},
{
"name": "DSA-3576",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3576"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-39.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-39.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1254622",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1254622"
},
{
"name": "openSUSE-SU-2016:1211",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:0695",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0695.html"
},
{
"name": "openSUSE-SU-2016:1767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name": "1035692",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035692"
},
{
"name": "SUSE-SU-2016:1374",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html"
},
{
"name": "openSUSE-SU-2016:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1254876",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1254876"
},
{
"name": "openSUSE-SU-2016:1251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html"
},
{
"name": "USN-2936-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-2"
},
{
"name": "SUSE-SU-2016:1352",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html"
},
{
"name": "USN-2973-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "openSUSE-SU-2016:1769",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "DSA-3559",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3559"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1187420",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1187420"
},
{
"name": "USN-2936-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-1"
},
{
"name": "USN-2936-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2936-3"
},
{
"name": "SUSE-SU-2016:1258",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html"
},
{
"name": "RHSA-2016:1041",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1041.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1254164",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1254164"
}
]
}
}

150
2016/2xxx/CVE-2016-2853.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[aufs] 20160219 aufs3 and aufs4 GIT release",
"refsource" : "MLIST",
"url" : "https://sourceforge.net/p/aufs/mailman/message/34864744/"
},
{
"name" : "[oss-security] 20160224 Aufs Union Filesystem Privilege Escalation In User Namespaces",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/24/9"
},
{
"name" : "http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/",
"refsource" : "MISC",
"url" : "http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/"
},
{
"name" : "96839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96839"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96839"
},
{
"name": "http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/",
"refsource": "MISC",
"url": "http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/"
},
{
"name": "[oss-security] 20160224 Aufs Union Filesystem Privilege Escalation In User Namespaces",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/24/9"
},
{
"name": "[aufs] 20160219 aufs3 and aufs4 GIT release",
"refsource": "MLIST",
"url": "https://sourceforge.net/p/aufs/mailman/message/34864744/"
}
]
}
}

150
2017/18xxx/CVE-2017-18021.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18021",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/IJHack/QtPass/issues/338",
"refsource" : "MISC",
"url" : "https://github.com/IJHack/QtPass/issues/338"
},
{
"name" : "https://github.com/IJHack/QtPass/releases/tag/v1.2.1",
"refsource" : "MISC",
"url" : "https://github.com/IJHack/QtPass/releases/tag/v1.2.1"
},
{
"name" : "https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html",
"refsource" : "MISC",
"url" : "https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html"
},
{
"name" : "https://qtpass.org/",
"refsource" : "MISC",
"url" : "https://qtpass.org/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/IJHack/QtPass/releases/tag/v1.2.1",
"refsource": "MISC",
"url": "https://github.com/IJHack/QtPass/releases/tag/v1.2.1"
},
{
"name": "https://qtpass.org/",
"refsource": "MISC",
"url": "https://qtpass.org/"
},
{
"name": "https://github.com/IJHack/QtPass/issues/338",
"refsource": "MISC",
"url": "https://github.com/IJHack/QtPass/issues/338"
},
{
"name": "https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html",
"refsource": "MISC",
"url": "https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html"
}
]
}
}

120
2017/18xxx/CVE-2017-18289.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18289",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities/",
"refsource": "MISC",
"url": "https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities/"
}
]
}
}

160
2017/18xxx/CVE-2017-18360.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b"
},
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1123706",
"refsource" : "MISC",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1123706"
},
{
"name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3",
"refsource" : "MISC",
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3"
},
{
"name" : "https://github.com/torvalds/linux/commit/6aeb75e6adfaed16e58780309613a578fe1ee90b",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/6aeb75e6adfaed16e58780309613a578fe1ee90b"
},
{
"name" : "106802",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1123706",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1123706"
},
{
"name": "106802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106802"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b"
},
{
"name": "https://github.com/torvalds/linux/commit/6aeb75e6adfaed16e58780309613a578fe1ee90b",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/6aeb75e6adfaed16e58780309613a578fe1ee90b"
}
]
}
}

394
2017/1xxx/CVE-2017-1752.json
View File

@ -1,199 +1,199 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-05-22T00:00:00",
"ID" : "CVE-2017-1752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "UrbanCode Deploy",
"version" : {
"version_data" : [
{
"version_value" : "6.1.0.2"
},
{
"version_value" : "6.1"
},
{
"version_value" : "6.1.0.1"
},
{
"version_value" : "6.1.0.3"
},
{
"version_value" : "6.1.0.4"
},
{
"version_value" : "6.1.1"
},
{
"version_value" : "6.1.1.1"
},
{
"version_value" : "6.1.1.2"
},
{
"version_value" : "6.1.1.3"
},
{
"version_value" : "6.1.1.4"
},
{
"version_value" : "6.1.1.5"
},
{
"version_value" : "6.1.1.6"
},
{
"version_value" : "6.1.1.7"
},
{
"version_value" : "6.1.2"
},
{
"version_value" : "6.1.1.8"
},
{
"version_value" : "6.1.3"
},
{
"version_value" : "6.1.3.1"
},
{
"version_value" : "6.2"
},
{
"version_value" : "6.2.0.1"
},
{
"version_value" : "6.1.3.2"
},
{
"version_value" : "6.2.0.2"
},
{
"version_value" : "6.2.1"
},
{
"version_value" : "6.2.1.1"
},
{
"version_value" : "6.1.3.3"
},
{
"version_value" : "6.2.1.2"
},
{
"version_value" : "6.2.2"
},
{
"version_value" : "6.2.2.1"
},
{
"version_value" : "6.2.3.0"
},
{
"version_value" : "6.2.3.1"
},
{
"version_value" : "6.1.3.4"
},
{
"version_value" : "6.1.3.5"
},
{
"version_value" : "6.2.4"
},
{
"version_value" : "6.1.3.6"
},
{
"version_value" : "6.2.4.1"
},
{
"version_value" : "6.2.4.2"
},
{
"version_value" : "6.2.5"
},
{
"version_value" : "6.2.5.1"
},
{
"version_value" : "6.1.3.7"
},
{
"version_value" : "6.1.3.8"
},
{
"version_value" : "6.2.5.2"
},
{
"version_value" : "6.2.6.0"
},
{
"version_value" : "6.2.6.1"
},
{
"version_value" : "6.2.7.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2017-1752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.2.1"
},
{
"version_value": "6.2.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.1.3.4"
},
{
"version_value": "6.1.3.5"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.1.3.6"
},
{
"version_value": "6.2.4.1"
},
{
"version_value": "6.2.4.2"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.5.1"
},
{
"version_value": "6.1.3.7"
},
{
"version_value": "6.1.3.8"
},
{
"version_value": "6.2.5.2"
},
{
"version_value": "6.2.6.0"
},
{
"version_value": "6.2.6.1"
},
{
"version_value": "6.2.7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000376",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000376"
},
{
"name" : "104289",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104289"
},
{
"name" : "ibm-ucd-cve20171752-info-disc(135547)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/135547"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000376",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000376"
},
{
"name": "104289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104289"
},
{
"name": "ibm-ucd-cve20171752-info-disc(135547)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135547"
}
]
}
}

34
2017/1xxx/CVE-2017-1770.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1770",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1770",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2017/5xxx/CVE-2017-5056.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html"
},
{
"name" : "https://crbug.com/705445",
"refsource" : "MISC",
"url" : "https://crbug.com/705445"
},
{
"name" : "GLSA-201704-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201704-02"
},
{
"name" : "RHSA-2017:0860",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0860"
},
{
"name" : "97220",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97220"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97220"
},
{
"name": "RHSA-2017:0860",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0860"
},
{
"name": "GLSA-201704-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-02"
},
{
"name": "https://crbug.com/705445",
"refsource": "MISC",
"url": "https://crbug.com/705445"
},
{
"name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

34
2017/5xxx/CVE-2017-5311.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5311",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5311",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/5xxx/CVE-2017-5737.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5737",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5737",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/5xxx/CVE-2017-5889.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5889",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5889",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}