admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:21:39 +00:00
parent 056679991b
commit 6ba37b4de0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3716 additions and 3719 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/2xxx/CVE-2006-2491.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER[\"PHP_SELF\"] variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060517 Boastmachine Cross Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434294/100/0/threaded"
},
{
"name" : "18012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18012"
},
{
"name" : "ADV-2006-1853",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1853"
},
{
"name" : "25617",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25617"
},
{
"name" : "25618",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25618"
},
{
"name" : "20149",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20149"
},
{
"name" : "725",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/725"
},
{
"name" : "927",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/927"
},
{
"name" : "boastmachine-phpself-xss(26518)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26518"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER[\"PHP_SELF\"] variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "725",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/725"
},
{
"name": "boastmachine-phpself-xss(26518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26518"
},
{
"name": "ADV-2006-1853",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1853"
},
{
"name": "927",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/927"
},
{
"name": "20060517 Boastmachine Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434294/100/0/threaded"
},
{
"name": "25618",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25618"
},
{
"name": "20149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20149"
},
{
"name": "25617",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25617"
},
{
"name": "18012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18012"
}
]
}
}

150
2006/2xxx/CVE-2006-2591.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an \"emailing exploit\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://e107.org/comment.php?comment.news.788",
"refsource" : "CONFIRM",
"url" : "http://e107.org/comment.php?comment.news.788"
},
{
"name" : "ADV-2006-1963",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1963"
},
{
"name" : "25740",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25740"
},
{
"name" : "20262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20262"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an \"emailing exploit\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20262"
},
{
"name": "http://e107.org/comment.php?comment.news.788",
"refsource": "CONFIRM",
"url": "http://e107.org/comment.php?comment.news.788"
},
{
"name": "ADV-2006-1963",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1963"
},
{
"name": "25740",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25740"
}
]
}
}

160
2006/2xxx/CVE-2006-2618.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2618",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the \"write a review\" box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060523 AlstraSoft Web Host Directory v1.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434912/100/0/threaded"
},
{
"name" : "http://www.sitepoint.com/forums/showthread.php?t=311969",
"refsource" : "MISC",
"url" : "http://www.sitepoint.com/forums/showthread.php?t=311969"
},
{
"name" : "955",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/955"
},
{
"name" : "hs-webhostdirectory-review-xss(26666)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26666"
},
{
"name" : "webhostdirectory-review-xss(26665)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the \"write a review\" box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "955",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/955"
},
{
"name": "http://www.sitepoint.com/forums/showthread.php?t=311969",
"refsource": "MISC",
"url": "http://www.sitepoint.com/forums/showthread.php?t=311969"
},
{
"name": "hs-webhostdirectory-review-xss(26666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26666"
},
{
"name": "20060523 AlstraSoft Web Host Directory v1.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434912/100/0/threaded"
},
{
"name": "webhostdirectory-review-xss(26665)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26665"
}
]
}
}

170
2006/2xxx/CVE-2006-2850.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/labwiki-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/labwiki-xss-vuln.html"
},
{
"name" : "18267",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18267"
},
{
"name" : "ADV-2006-2123",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2123"
},
{
"name" : "25963",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25963"
},
{
"name" : "20417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20417"
},
{
"name" : "labwiki-recentchanges(26902)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26902"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18267"
},
{
"name": "labwiki-recentchanges(26902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26902"
},
{
"name": "http://pridels0.blogspot.com/2006/06/labwiki-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/labwiki-xss-vuln.html"
},
{
"name": "ADV-2006-2123",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2123"
},
{
"name": "20417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20417"
},
{
"name": "25963",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25963"
}
]
}
}

200
2006/3xxx/CVE-2006-3013.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3013",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060615 Advisory: Unauthorized password recovery in phpBannerExchange",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437294/100/0/threaded"
},
{
"name" : "20060615 Advisory: Unauthorized password recovery in phpBannerExchange",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046953.html"
},
{
"name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt",
"refsource" : "MISC",
"url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt"
},
{
"name" : "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php",
"refsource" : "CONFIRM",
"url" : "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php"
},
{
"name" : "18448",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18448"
},
{
"name" : "ADV-2006-2358",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2358"
},
{
"name" : "26509",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26509"
},
{
"name" : "20687",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20687"
},
{
"name" : "phpbannerexchange-resetpw-info-disclosure(27193)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27193"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060615 Advisory: Unauthorized password recovery in phpBannerExchange",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046953.html"
},
{
"name": "18448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18448"
},
{
"name": "26509",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26509"
},
{
"name": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php",
"refsource": "CONFIRM",
"url": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php"
},
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt"
},
{
"name": "ADV-2006-2358",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2358"
},
{
"name": "20060615 Advisory: Unauthorized password recovery in phpBannerExchange",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437294/100/0/threaded"
},
{
"name": "phpbannerexchange-resetpw-info-disclosure(27193)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27193"
},
{
"name": "20687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20687"
}
]
}
}

160
2006/3xxx/CVE-2006-3040.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value just before the include statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060613 Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436993/100/0/threaded"
},
{
"name" : "20060615 Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437266/100/0/threaded"
},
{
"name" : "27455",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27455"
},
{
"name" : "1105",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1105"
},
{
"name" : "amr-talkbox-file-include(27122)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27122"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value just before the include statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060613 Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436993/100/0/threaded"
},
{
"name": "20060615 Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437266/100/0/threaded"
},
{
"name": "amr-talkbox-file-include(27122)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27122"
},
{
"name": "27455",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27455"
},
{
"name": "1105",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1105"
}
]
}
}

170
2006/3xxx/CVE-2006-3065.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060612 blur6ex <= 0.3.462 'ID' blind sql injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437015/100/0/threaded"
},
{
"name" : "1904",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1904"
},
{
"name" : "ADV-2006-2341",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2341"
},
{
"name" : "20646",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20646"
},
{
"name" : "1113",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1113"
},
{
"name" : "blur6ex-blog-id-sql-injection(27120)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27120"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1113",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1113"
},
{
"name": "ADV-2006-2341",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2341"
},
{
"name": "blur6ex-blog-id-sql-injection(27120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27120"
},
{
"name": "1904",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1904"
},
{
"name": "20060612 blur6ex <= 0.3.462 'ID' blind sql injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437015/100/0/threaded"
},
{
"name": "20646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20646"
}
]
}
}

330
2006/3xxx/CVE-2006-3081.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060614 MySQL DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437145"
},
{
"name" : "20060615 Re: MySQL DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437277"
},
{
"name" : "20060615 Re: MySQL DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437571/100/0/threaded"
},
{
"name" : "20060615 MySQL DoS",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html"
},
{
"name" : "http://bugs.mysql.com/bug.php?id=15828",
"refsource" : "CONFIRM",
"url" : "http://bugs.mysql.com/bug.php?id=15828"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305214",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name" : "APPLE-SA-2007-03-13",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name" : "DSA-1112",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1112"
},
{
"name" : "MDKSA-2006:111",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:111"
},
{
"name" : "RHSA-2007:0083",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0083.html"
},
{
"name" : "USN-306-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/306-1/"
},
{
"name" : "TA06-208A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-208A.html"
},
{
"name" : "TA07-072A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name" : "18439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18439"
},
{
"name" : "oval:org.mitre.oval:def:9516",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9516"
},
{
"name" : "ADV-2007-0930",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name" : "20832",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20832"
},
{
"name" : "19929",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19929"
},
{
"name" : "20871",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20871"
},
{
"name" : "24479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24479"
},
{
"name" : "mysql-select-dos(27212)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mysql-select-dos(27212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27212"
},
{
"name": "19929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19929"
},
{
"name": "TA07-072A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "20060615 MySQL DoS",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913"
},
{
"name": "TA06-208A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-208A.html"
},
{
"name": "20832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20832"
},
{
"name": "APPLE-SA-2007-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "20060614 MySQL DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437145"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305214",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "MDKSA-2006:111",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:111"
},
{
"name": "20060615 Re: MySQL DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437277"
},
{
"name": "DSA-1112",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1112"
},
{
"name": "18439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18439"
},
{
"name": "ADV-2007-0930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "20871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20871"
},
{
"name": "RHSA-2007:0083",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0083.html"
},
{
"name": "20060615 Re: MySQL DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437571/100/0/threaded"
},
{
"name": "USN-306-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/306-1/"
},
{
"name": "http://bugs.mysql.com/bug.php?id=15828",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/bug.php?id=15828"
},
{
"name": "24479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24479"
},
{
"name": "oval:org.mitre.oval:def:9516",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9516"
}
]
}
}

120
2006/6xxx/CVE-2006-6229.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6229",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ltwcalendar.sourceforge.net/changelog.php",
"refsource" : "CONFIRM",
"url" : "http://ltwcalendar.sourceforge.net/changelog.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ltwcalendar.sourceforge.net/changelog.php",
"refsource": "CONFIRM",
"url": "http://ltwcalendar.sourceforge.net/changelog.php"
}
]
}
}

180
2006/6xxx/CVE-2006-6364.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061202 [ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453420/100/0/threaded"
},
{
"name" : "http://www.insidesystems.net/projects/project.php?projectid=4",
"refsource" : "CONFIRM",
"url" : "http://www.insidesystems.net/projects/project.php?projectid=4"
},
{
"name" : "21424",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21424"
},
{
"name" : "ADV-2006-4848",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4848"
},
{
"name" : "23229",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23229"
},
{
"name" : "1990",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1990"
},
{
"name" : "ismail-error-xss(30704)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30704"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.insidesystems.net/projects/project.php?projectid=4",
"refsource": "CONFIRM",
"url": "http://www.insidesystems.net/projects/project.php?projectid=4"
},
{
"name": "1990",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1990"
},
{
"name": "ismail-error-xss(30704)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30704"
},
{
"name": "20061202 [ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453420/100/0/threaded"
},
{
"name": "ADV-2006-4848",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4848"
},
{
"name": "21424",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21424"
},
{
"name": "23229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23229"
}
]
}
}

120
2006/6xxx/CVE-2006-6579.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6579",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\\pchealth\\ERRORREP\\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061213 ASP Cmd Shell On IIS 5.1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454268/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\\pchealth\\ERRORREP\\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061213 ASP Cmd Shell On IIS 5.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454268/100/0/threaded"
}
]
}
}

160
2006/7xxx/CVE-2006-7076.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060722 [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0381.html"
},
{
"name" : "http://www.majorsecurity.de/advisory/major_rls25.txt",
"refsource" : "MISC",
"url" : "http://www.majorsecurity.de/advisory/major_rls25.txt"
},
{
"name" : "19905",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19905"
},
{
"name" : "2323",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2323"
},
{
"name" : "advancedguestbook-guestbook-xss(27907)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2323",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2323"
},
{
"name": "http://www.majorsecurity.de/advisory/major_rls25.txt",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/advisory/major_rls25.txt"
},
{
"name": "20060722 [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0381.html"
},
{
"name": "advancedguestbook-guestbook-xss(27907)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27907"
},
{
"name": "19905",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19905"
}
]
}
}

270
2011/0xxx/CVE-2011-0085.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=648100",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=648100"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100144854",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100144854"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100145333",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100145333"
},
{
"name" : "DSA-2268",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2268"
},
{
"name" : "DSA-2269",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2269"
},
{
"name" : "DSA-2273",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2273"
},
{
"name" : "MDVSA-2011:111",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111"
},
{
"name" : "RHSA-2011:0885",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0885.html"
},
{
"name" : "RHSA-2011:0886",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0886.html"
},
{
"name" : "RHSA-2011:0887",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0887.html"
},
{
"name" : "RHSA-2011:0888",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0888.html"
},
{
"name" : "SUSE-SA:2011:028",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html"
},
{
"name" : "USN-1149-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1149-1"
},
{
"name" : "oval:org.mitre.oval:def:14432",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14432"
},
{
"name" : "45002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45002"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:111",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111"
},
{
"name": "45002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45002"
},
{
"name": "http://support.avaya.com/css/P8/documents/100145333",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100145333"
},
{
"name": "USN-1149-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1149-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=648100",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=648100"
},
{
"name": "oval:org.mitre.oval:def:14432",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14432"
},
{
"name": "http://support.avaya.com/css/P8/documents/100144854",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100144854"
},
{
"name": "RHSA-2011:0887",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0887.html"
},
{
"name": "RHSA-2011:0885",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0885.html"
},
{
"name": "DSA-2268",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2268"
},
{
"name": "RHSA-2011:0888",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0888.html"
},
{
"name": "DSA-2269",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2269"
},
{
"name": "SUSE-SA:2011:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html"
},
{
"name": "RHSA-2011:0886",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0886.html"
},
{
"name": "DSA-2273",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2273"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html"
}
]
}
}

200
2011/0xxx/CVE-2011-0098.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0098",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka \"Excel Heap Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2011-32/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2011-32/"
},
{
"name" : "MS11-021",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "47235",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47235"
},
{
"name" : "71759",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71759"
},
{
"name" : "oval:org.mitre.oval:def:12034",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"
},
{
"name" : "1025337",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025337"
},
{
"name" : "39122",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39122"
},
{
"name" : "ADV-2011-0940",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0940"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka \"Excel Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39122"
},
{
"name": "71759",
"refsource": "OSVDB",
"url": "http://osvdb.org/71759"
},
{
"name": "oval:org.mitre.oval:def:12034",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034"
},
{
"name": "1025337",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "47235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47235"
},
{
"name": "http://secunia.com/secunia_research/2011-32/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-32/"
},
{
"name": "MS11-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "ADV-2011-0940",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
]
}
}

240
2011/0xxx/CVE-2011-0402.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0402",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-2142",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2142"
},
{
"name" : "FEDORA-2011-0345",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"name" : "FEDORA-2011-0362",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"name" : "USN-1038-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"name" : "45703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45703"
},
{
"name" : "70367",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70367"
},
{
"name" : "42826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42826"
},
{
"name" : "42831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42831"
},
{
"name" : "43054",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43054"
},
{
"name" : "ADV-2011-0040",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0040"
},
{
"name" : "ADV-2011-0044",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0044"
},
{
"name" : "ADV-2011-0196",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0196"
},
{
"name" : "dpkg-dpkgsource-symlink(64614)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42831"
},
{
"name": "FEDORA-2011-0345",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"name": "dpkg-dpkgsource-symlink(64614)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64614"
},
{
"name": "42826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42826"
},
{
"name": "FEDORA-2011-0362",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"name": "USN-1038-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"name": "70367",
"refsource": "OSVDB",
"url": "http://osvdb.org/70367"
},
{
"name": "ADV-2011-0040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"name": "45703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45703"
},
{
"name": "DSA-2142",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"name": "43054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43054"
},
{
"name": "ADV-2011-0044",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"name": "ADV-2011-0196",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0196"
}
]
}
}

180
2011/0xxx/CVE-2011-0555.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a Director file with a crafted DEMX RIFF chunk that triggers incorrect buffer allocation, a different vulnerability than CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110209 TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516333/100/0/threaded"
},
{
"name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-11-02",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-11-02"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
},
{
"name" : "46327",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46327"
},
{
"name" : "1025056",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025056"
},
{
"name" : "ADV-2011-0335",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0335"
},
{
"name" : "shockwave-memory-code-execution(65257)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65257"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a Director file with a crafted DEMX RIFF chunk that triggers incorrect buffer allocation, a different vulnerability than CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110209 TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516333/100/0/threaded"
},
{
"name": "shockwave-memory-code-execution(65257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65257"
},
{
"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-02",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-02"
},
{
"name": "ADV-2011-0335",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0335"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html"
},
{
"name": "46327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46327"
},
{
"name": "1025056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025056"
}
]
}
}

130
2011/0xxx/CVE-2011-0941.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0941",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525"
},
{
"name" : "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525"
},
{
"name": "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm"
}
]
}
}

34
2011/1xxx/CVE-2011-1349.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1349",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1349",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

360
2011/3xxx/CVE-2011-3205.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/08/29/2"
},
{
"name" : "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/08/30/4"
},
{
"name" : "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/08/30/8"
},
{
"name" : "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt"
},
{
"name" : "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch"
},
{
"name" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch"
},
{
"name" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch"
},
{
"name" : "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=734583",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=734583"
},
{
"name" : "DSA-2304",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2304"
},
{
"name" : "FEDORA-2011-11854",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html"
},
{
"name" : "MDVSA-2011:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150"
},
{
"name" : "RHSA-2011:1293",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1293.html"
},
{
"name" : "SUSE-SU-2011:1019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html"
},
{
"name" : "openSUSE-SU-2011:1018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html"
},
{
"name" : "SUSE-SU-2016:1996",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name" : "SUSE-SU-2016:2089",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name" : "49356",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49356"
},
{
"name" : "74847",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/74847"
},
{
"name" : "1025981",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025981"
},
{
"name" : "45805",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45805"
},
{
"name" : "45906",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45906"
},
{
"name" : "45920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45920"
},
{
"name" : "45965",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45965"
},
{
"name" : "46029",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46029"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2011:1293",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1293.html"
},
{
"name": "46029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46029"
},
{
"name": "45906",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45906"
},
{
"name": "FEDORA-2011-11854",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "SUSE-SU-2011:1019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html"
},
{
"name": "1025981",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025981"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch"
},
{
"name": "45965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45965"
},
{
"name": "45805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45805"
},
{
"name": "DSA-2304",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2304"
},
{
"name": "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/08/30/8"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt"
},
{
"name": "openSUSE-SU-2011:1018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html"
},
{
"name": "[oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/08/29/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=734583",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734583"
},
{
"name": "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/08/30/4"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "49356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49356"
},
{
"name": "74847",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/74847"
},
{
"name": "45920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45920"
},
{
"name": "MDVSA-2011:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150"
}
]
}
}

34
2011/4xxx/CVE-2011-4145.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4145",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4145",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

34
2011/4xxx/CVE-2011-4152.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4152",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4152",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2011/4xxx/CVE-2011-4193.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SUSE-SU-2011:1324",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00015.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:1324",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00015.html"
}
]
}
}

34
2011/4xxx/CVE-2011-4441.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4441",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4441",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2011/4xxx/CVE-2011-4481.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4481",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4481",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2011/4xxx/CVE-2011-4891.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4891",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2011. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4891",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2011. Notes: none."
}
]
}
}

34
2013/5xxx/CVE-2013-5346.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5346",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-5346",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

180
2013/5xxx/CVE-2013-5351.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-5351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2013-13/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2013-13/"
},
{
"name" : "http://www.irfanview.com/main_history.htm",
"refsource" : "CONFIRM",
"url" : "http://www.irfanview.com/main_history.htm"
},
{
"name" : "64388",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64388"
},
{
"name" : "101065",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101065"
},
{
"name" : "54959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54959"
},
{
"name" : "irfanview-cve20135351-bo(89808)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89808"
},
{
"name" : "irfanview-cve20135351-gif-bo(89820)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89820"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64388"
},
{
"name": "irfanview-cve20135351-gif-bo(89820)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89820"
},
{
"name": "irfanview-cve20135351-bo(89808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89808"
},
{
"name": "54959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54959"
},
{
"name": "http://www.irfanview.com/main_history.htm",
"refsource": "CONFIRM",
"url": "http://www.irfanview.com/main_history.htm"
},
{
"name": "http://secunia.com/secunia_research/2013-13/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2013-13/"
},
{
"name": "101065",
"refsource": "OSVDB",
"url": "http://osvdb.org/101065"
}
]
}
}

230
2013/5xxx/CVE-2013-5372.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21653087",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21653087"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655202",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655202"
},
{
"name" : "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013"
},
{
"name" : "IC96473",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473"
},
{
"name" : "RHSA-2013:1507",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html"
},
{
"name" : "RHSA-2013:1508",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1508.html"
},
{
"name" : "RHSA-2013:1509",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1509.html"
},
{
"name" : "RHSA-2013:1793",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1793.html"
},
{
"name" : "SUSE-SU-2013:1677",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"
},
{
"name" : "56338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56338"
},
{
"name" : "ibm-xml4j-cve20135372-dos(86662)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86662"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC96473",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655202",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655202"
},
{
"name": "RHSA-2013:1508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html"
},
{
"name": "SUSE-SU-2013:1677",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"
},
{
"name": "ibm-xml4j-cve20135372-dos(86662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86662"
},
{
"name": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21653087",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653087"
},
{
"name": "RHSA-2013:1793",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html"
},
{
"name": "RHSA-2013:1509",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1509.html"
},
{
"name": "RHSA-2013:1507",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html"
},
{
"name": "56338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56338"
}
]
}
}

120
2013/5xxx/CVE-2013-5750.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form",
"refsource" : "CONFIRM",
"url" : "http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form",
"refsource": "CONFIRM",
"url": "http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form"
}
]
}
}

180
2013/5xxx/CVE-2013-5858.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5858",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2015-0370."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "SUSE-SU-2014:0130",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64820",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64820"
},
{
"name" : "102082",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102082"
},
{
"name" : "1029607",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029607"
},
{
"name" : "56452",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56452"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2015-0370."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029607"
},
{
"name": "64820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64820"
},
{
"name": "102082",
"refsource": "OSVDB",
"url": "http://osvdb.org/102082"
},
{
"name": "56452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56452"
},
{
"name": "SUSE-SU-2014:0130",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}

160
2013/5xxx/CVE-2013-5938.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5938",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130911 [Security-news] SA-CONTRIB-2013-075 - Click2Sell - Multiple Vulnerabilities (XSS and CSRF)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Sep/64"
},
{
"name" : "[oss-security] 20131021 RE: Re: CVE duplicates SA-CONTRIB-2013-075",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/10/21/5"
},
{
"name" : "https://drupal.org/node/2087055",
"refsource" : "MISC",
"url" : "https://drupal.org/node/2087055"
},
{
"name" : "97204",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/97204"
},
{
"name" : "drupal-click2sell-confirmation-xss(87050)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "drupal-click2sell-confirmation-xss(87050)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87050"
},
{
"name": "[oss-security] 20131021 RE: Re: CVE duplicates SA-CONTRIB-2013-075",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/21/5"
},
{
"name": "20130911 [Security-news] SA-CONTRIB-2013-075 - Click2Sell - Multiple Vulnerabilities (XSS and CSRF)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Sep/64"
},
{
"name": "97204",
"refsource": "OSVDB",
"url": "http://osvdb.org/97204"
},
{
"name": "https://drupal.org/node/2087055",
"refsource": "MISC",
"url": "https://drupal.org/node/2087055"
}
]
}
}

150
2014/2xxx/CVE-2014-2226.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/127"
},
{
"name" : "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html"
},
{
"name" : "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html",
"refsource" : "MISC",
"url" : "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html"
},
{
"name" : "68869",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68869"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68869"
},
{
"name": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html"
},
{
"name": "20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/127"
},
{
"name": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html",
"refsource": "MISC",
"url": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html"
}
]
}
}

130
2014/2xxx/CVE-2014-2947.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2947",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-2947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#112412",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/112412"
},
{
"name" : "67591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67591"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#112412",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/112412"
},
{
"name": "67591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67591"
}
]
}
}

34
2014/2xxx/CVE-2014-2991.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2991",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2991",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/6xxx/CVE-2014-6581.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load Programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "1031579",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031579"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load Programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "1031579",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031579"
}
]
}
}

140
2014/6xxx/CVE-2014-6735.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd25591b224.app) application 1.7.10.243 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#586897",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/586897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd25591b224.app) application 1.7.10.243 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#586897",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/586897"
}
]
}
}

140
2014/7xxx/CVE-2014-7011.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#370945",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/370945"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#370945",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/370945"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7732.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7732",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7732",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2017/0xxx/CVE-2017-0049.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Internet Explorer",
"version" : {
"version_data" : [
{
"version_value" : "The VBScript engine in Microsoft Internet Explorer 11"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Scripting Engine Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "The VBScript engine in Microsoft Internet Explorer 11"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049"
},
{
"name" : "96095",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96095"
},
{
"name" : "1038008",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Scripting Engine Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049"
},
{
"name": "1038008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038008"
},
{
"name": "96095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96095"
}
]
}
}

150
2017/0xxx/CVE-2017-0070.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Browser",
"version" : {
"version_data" : [
{
"version_value" : "Browser"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Browser",
"version": {
"version_data": [
{
"version_value": "Browser"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41623",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41623/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070"
},
{
"name" : "96690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96690"
},
{
"name" : "1038006",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038006"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96690"
},
{
"name": "41623",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41623/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070"
},
{
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
}
]
}
}

150
2017/0xxx/CVE-2017-0108.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Graphics Component",
"version" : {
"version_data" : [
{
"version_value" : "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0014."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Graphics Component",
"version": {
"version_data": [
{
"version_value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41647",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41647/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
},
{
"name" : "96722",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96722"
},
{
"name" : "1038002",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038002"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0014."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96722"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
},
{
"name": "1038002",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038002"
},
{
"name": "41647",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41647/"
}
]
}
}

140
2017/0xxx/CVE-2017-0129.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Lync for Mac",
"version" : {
"version_data" : [
{
"version_value" : "Lync for Mac 2011"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka \"Microsoft Lync for Mac Certificate Validation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lync for Mac",
"version": {
"version_data": [
{
"version_value": "Lync for Mac 2011"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0129",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0129"
},
{
"name" : "96752",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96752"
},
{
"name" : "1038020",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038020"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka \"Microsoft Lync for Mac Certificate Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038020",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038020"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0129",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0129"
},
{
"name": "96752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96752"
}
]
}
}

34
2017/0xxx/CVE-2017-0992.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0992",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0992",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

124
2017/1000xxx/CVE-2017-1000035.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.284361",
"ID" : "CVE-2017-1000035",
"REQUESTER" : "dereks@lifeofadishwasher.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tiny Tiny RSS",
"version" : {
"version_data" : [
{
"version_value" : "Before 829d478f"
}
]
}
}
]
},
"vendor_name" : "Tiny Tiny RSS"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.284361",
"ID": "CVE-2017-1000035",
"REQUESTER": "dereks@lifeofadishwasher.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47",
"refsource" : "CONFIRM",
"url" : "https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47",
"refsource": "CONFIRM",
"url": "https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47"
}
]
}
}

37
2017/1000xxx/CVE-2017-1000045.json
View File

@ -1,21 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.293405",
"ID" : "CVE-2017-1000045",
"REQUESTER" : "florent.daigniere@trustmatta.com",
"STATE" : "REJECT",
"STATE_DETAIL" : "BAD_REF_URL"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1000045",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none."
}
]
}
}

124
2017/1000xxx/CVE-2017-1000113.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.326025",
"ID" : "CVE-2017-1000113",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Deploy to container Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.12 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins Deploy to container Plugin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.326025",
"ID": "CVE-2017-1000113",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2017-08-07/",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2017-08-07/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2017-08-07/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-08-07/"
}
]
}
}

34
2017/18xxx/CVE-2017-18336.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18336",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18336",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

164
2017/1xxx/CVE-2017-1125.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1125",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cognos Business Intelligence",
"version" : {
"version_data" : [
{
"version_value" : "10.1.1"
},
{
"version_value" : "10.2"
},
{
"version_value" : "10.2.1"
},
{
"version_value" : "10.2.1.1"
},
{
"version_value" : "10.2.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cognos Business Intelligence",
"version": {
"version_data": [
{
"version_value": "10.1.1"
},
{
"version_value": "10.2"
},
{
"version_value": "10.2.1"
},
{
"version_value": "10.2.1.1"
},
{
"version_value": "10.2.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121340",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121340"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004036",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004036"
},
{
"name" : "98945",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98945"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004036",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004036"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121340",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121340"
},
{
"name": "98945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98945"
}
]
}
}

232
2017/1xxx/CVE-2017-1169.json
View File

@ -1,118 +1,118 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-20T00:00:00",
"ID" : "CVE-2017-1169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "4.0"
},
{
"version_value" : "4.0.1"
},
{
"version_value" : "4.0.2"
},
{
"version_value" : "4.0.3"
},
{
"version_value" : "4.0.4"
},
{
"version_value" : "4.0.5"
},
{
"version_value" : "4.0.6"
},
{
"version_value" : "5.0"
},
{
"version_value" : "4.0.7"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-20T00:00:00",
"ID": "CVE-2017-1169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "4.0"
},
{
"version_value": "4.0.1"
},
{
"version_value": "4.0.2"
},
{
"version_value": "4.0.3"
},
{
"version_value": "4.0.4"
},
{
"version_value": "4.0.5"
},
{
"version_value": "4.0.6"
},
{
"version_value": "5.0"
},
{
"version_value": "4.0.7"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22009296",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009296"
},
{
"name" : "101593",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101593"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22009296",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
},
{
"name": "101593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101593"
}
]
}
}

142
2017/1xxx/CVE-2017-1751.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-12-15T00:00:00",
"ID" : "CVE-2017-1751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation with Automation Anywhere",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-15T00:00:00",
"ID": "CVE-2017-1751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Robotic Process Automation with Automation Anywhere",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/135546",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/135546"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22011185",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22011185"
},
{
"name" : "102217",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102217"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22011185",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22011185"
},
{
"name": "102217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102217"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135546",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135546"
}
]
}
}

34
2017/1xxx/CVE-2017-1906.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1906",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1906",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4364.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4364",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4364",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

120
2017/5xxx/CVE-2017-5249.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@rapid7.com",
"ID" : "CVE-2017-5249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Wink - Smart Home",
"version" : {
"version_data" : [
{
"version_value" : "6.1.0.19 and prior"
}
]
}
}
]
},
"vendor_name" : "Wink Labs Inc"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-922 (Insecure Storage of Sensitive Information)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wink - Smart Home",
"version": {
"version_data": [
{
"version_value": "6.1.0.19 and prior"
}
]
}
}
]
},
"vendor_name": "Wink Labs Inc"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 (Insecure Storage of Sensitive Information)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/"
}
]
}
}

160
2017/5xxx/CVE-2017-5617.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170127 SSRF issue in the svgsalamander library",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/27/3"
},
{
"name" : "[oss-security] 20170129 Re: SSRF issue in the svgsalamander library",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/29/2"
},
{
"name" : "https://github.com/blackears/svgSalamander/issues/11",
"refsource" : "CONFIRM",
"url" : "https://github.com/blackears/svgSalamander/issues/11"
},
{
"name" : "DSA-3781",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3781"
},
{
"name" : "95871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95871"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170129 Re: SSRF issue in the svgsalamander library",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/29/2"
},
{
"name": "95871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95871"
},
{
"name": "DSA-3781",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3781"
},
{
"name": "[oss-security] 20170127 SSRF issue in the svgsalamander library",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/27/3"
},
{
"name": "https://github.com/blackears/svgSalamander/issues/11",
"refsource": "CONFIRM",
"url": "https://github.com/blackears/svgSalamander/issues/11"
}
]
}
}

130
2017/5xxx/CVE-2017-5878.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/05/22/2"
},
{
"name" : "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"refsource" : "MISC",
"url" : "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"refsource": "MISC",
"url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"
},
{
"name": "[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/22/2"
}
]
}
}