admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:35:29 +00:00
parent 52c804e9d5
commit 6bb090612f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4091 additions and 4091 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
2006/2xxx/CVE-2006-2294.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html",
"refsource" : "MISC",
"url" : "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html"
},
{
"name" : "17896",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17896"
},
{
"name" : "ADV-2006-1699",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1699"
},
{
"name" : "25443",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25443"
},
{
"name" : "25444",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25444"
},
{
"name" : "19995",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19995"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1699",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1699"
},
{
"name": "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html",
"refsource": "MISC",
"url": "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html"
},
{
"name": "17896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17896"
},
{
"name": "25444",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25444"
},
{
"name": "25443",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25443"
},
{
"name": "19995",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19995"
}
]
}
}

178
2006/3xxx/CVE-2006-3185.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060617 [ECHO_ADV_33$2006] CMS Faethon 1.3.2 mainpath Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437492/100/0/threaded"
},
{
"name" : "http://advisories.echo.or.id/adv/adv33-K-159-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv33-K-159-2006.txt"
},
{
"name" : "18489",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18489"
},
{
"name" : "ADV-2006-2409",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2409"
},
{
"name" : "20713",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20713"
},
{
"name" : "1127",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1127"
},
{
"name" : "cms-faethon-dataheader-file-include(27330)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27330"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.echo.or.id/adv/adv33-K-159-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv33-K-159-2006.txt"
},
{
"name": "20713",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20713"
},
{
"name": "cms-faethon-dataheader-file-include(27330)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27330"
},
{
"name": "1127",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1127"
},
{
"name": "20060617 [ECHO_ADV_33$2006] CMS Faethon 1.3.2 mainpath Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437492/100/0/threaded"
},
{
"name": "18489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18489"
},
{
"name": "ADV-2006-2409",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2409"
}
]
}
}

168
2006/3xxx/CVE-2006-3507.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3507",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-09-21",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html"
},
{
"name" : "VU#867796",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/867796"
},
{
"name" : "20144",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20144"
},
{
"name" : "ADV-2006-3737",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3737"
},
{
"name" : "1016903",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016903"
},
{
"name" : "22068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22068"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22068"
},
{
"name": "ADV-2006-3737",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3737"
},
{
"name": "APPLE-SA-2006-09-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html"
},
{
"name": "VU#867796",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/867796"
},
{
"name": "1016903",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016903"
},
{
"name": "20144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20144"
}
]
}
}

208
2006/3xxx/CVE-2006-3524.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3524",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060710 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439617/100/0/threaded"
},
{
"name" : "20060711 Re: [Full-disclosure] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440135/100/0/threaded"
},
{
"name" : "20060710 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047757.html"
},
{
"name" : "20060711 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047794.html"
},
{
"name" : "18906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18906"
},
{
"name" : "ADV-2006-2735",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2735"
},
{
"name" : "27122",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27122"
},
{
"name" : "1016455",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016455"
},
{
"name" : "20997",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20997"
},
{
"name" : "sipxtapi-cseq-bo(27681)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27681"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2735",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2735"
},
{
"name": "27122",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27122"
},
{
"name": "20997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20997"
},
{
"name": "sipxtapi-cseq-bo(27681)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27681"
},
{
"name": "20060711 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047794.html"
},
{
"name": "20060710 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047757.html"
},
{
"name": "18906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18906"
},
{
"name": "20060711 Re: [Full-disclosure] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440135/100/0/threaded"
},
{
"name": "1016455",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016455"
},
{
"name": "20060710 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439617/100/0/threaded"
}
]
}
}

158
2006/3xxx/CVE-2006-3562.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060702 plume-cms v1.0.4 Multiple Remote File include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438948/100/100/threaded"
},
{
"name" : "18780",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18780"
},
{
"name" : "1016426",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016426"
},
{
"name" : "1220",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1220"
},
{
"name" : "plumecms-multiple-scripts-file-include(27530)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27530"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18780"
},
{
"name": "20060702 plume-cms v1.0.4 Multiple Remote File include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438948/100/100/threaded"
},
{
"name": "plumecms-multiple-scripts-file-include(27530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27530"
},
{
"name": "1220",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1220"
},
{
"name": "1016426",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016426"
}
]
}
}

168
2006/6xxx/CVE-2006-6243.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6243",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061126 [Aria-Security Team] FipsSHOP SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453029/100/0/threaded"
},
{
"name" : "http://www.aria-security.com/forum/showthread.php?t=46",
"refsource" : "MISC",
"url" : "http://www.aria-security.com/forum/showthread.php?t=46"
},
{
"name" : "21289",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21289"
},
{
"name" : "ADV-2006-4779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4779"
},
{
"name" : "23147",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23147"
},
{
"name" : "1959",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1959"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4779"
},
{
"name": "1959",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1959"
},
{
"name": "http://www.aria-security.com/forum/showthread.php?t=46",
"refsource": "MISC",
"url": "http://www.aria-security.com/forum/showthread.php?t=46"
},
{
"name": "23147",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23147"
},
{
"name": "20061126 [Aria-Security Team] FipsSHOP SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453029/100/0/threaded"
},
{
"name": "21289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21289"
}
]
}
}

168
2006/6xxx/CVE-2006-6712.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dl.sugarforge.org/sugardocs/Notes/ReleaseNotes/SugarOpenSource_ReleaseNotes_4.5.0g.pdf",
"refsource" : "CONFIRM",
"url" : "http://dl.sugarforge.org/sugardocs/Notes/ReleaseNotes/SugarOpenSource_ReleaseNotes_4.5.0g.pdf"
},
{
"name" : "JVN#74079537",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2374079537/index.html"
},
{
"name" : "21694",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21694"
},
{
"name" : "ADV-2006-5100",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5100"
},
{
"name" : "1017434",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017434"
},
{
"name" : "23424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23424"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017434",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017434"
},
{
"name": "JVN#74079537",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2374079537/index.html"
},
{
"name": "ADV-2006-5100",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5100"
},
{
"name": "23424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23424"
},
{
"name": "21694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21694"
},
{
"name": "http://dl.sugarforge.org/sugardocs/Notes/ReleaseNotes/SugarOpenSource_ReleaseNotes_4.5.0g.pdf",
"refsource": "CONFIRM",
"url": "http://dl.sugarforge.org/sugardocs/Notes/ReleaseNotes/SugarOpenSource_ReleaseNotes_4.5.0g.pdf"
}
]
}
}

118
2006/6xxx/CVE-2006-6748.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-5118",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5118"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5118",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5118"
}
]
}
}

148
2006/6xxx/CVE-2006-6792.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2993",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2993"
},
{
"name" : "21763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21763"
},
{
"name" : "ADV-2006-5151",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5151"
},
{
"name" : "23515",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23515"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5151"
},
{
"name": "21763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21763"
},
{
"name": "23515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23515"
},
{
"name": "2993",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2993"
}
]
}
}

148
2006/6xxx/CVE-2006-6809.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3026",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3026"
},
{
"name" : "21793",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21793"
},
{
"name" : "ADV-2006-5195",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5195"
},
{
"name" : "bubla-process-file-include(31135)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31135"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5195",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5195"
},
{
"name": "bubla-process-file-include(31135)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31135"
},
{
"name": "3026",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3026"
},
{
"name": "21793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21793"
}
]
}
}

128
2006/6xxx/CVE-2006-6971.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6971",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sla.ckers.org/forum/read.php?13,2253",
"refsource" : "MISC",
"url" : "http://sla.ckers.org/forum/read.php?13,2253"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=356355",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=356355"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=356355",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=356355"
},
{
"name": "http://sla.ckers.org/forum/read.php?13,2253",
"refsource": "MISC",
"url": "http://sla.ckers.org/forum/read.php?13,2253"
}
]
}
}

188
2011/0xxx/CVE-2011-0008.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=668843",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=668843"
},
{
"name" : "FEDORA-2011-0470",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"name" : "FEDORA-2011-0455",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"name" : "MDVSA-2011:018",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"name" : "42968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42968"
},
{
"name" : "ADV-2011-0195",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0195"
},
{
"name" : "ADV-2011-0199",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0199"
},
{
"name" : "sudo-parse-privilege-escalation(64965)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:018",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"name": "FEDORA-2011-0470",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"name": "ADV-2011-0199",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=668843",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668843"
},
{
"name": "sudo-parse-privilege-escalation(64965)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965"
},
{
"name": "FEDORA-2011-0455",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"name": "ADV-2011-0195",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"name": "42968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42968"
}
]
}
}

248
2011/0xxx/CVE-2011-0654.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka \"Browser Pool Corruption Vulnerability.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16166",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16166"
},
{
"name" : "20110214 MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0284.html"
},
{
"name" : "http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx"
},
{
"name" : "http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx"
},
{
"name" : "MS11-019",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-019"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "VU#323172",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/323172"
},
{
"name" : "46360",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46360"
},
{
"name" : "oval:org.mitre.oval:def:12637",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12637"
},
{
"name" : "1025328",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025328"
},
{
"name" : "43299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43299"
},
{
"name" : "ADV-2011-0394",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0394"
},
{
"name" : "ADV-2011-0938",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0938"
},
{
"name" : "ms-win-server-browser-bo(65376)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65376"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka \"Browser Pool Corruption Vulnerability.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "VU#323172",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/323172"
},
{
"name": "16166",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16166"
},
{
"name": "ADV-2011-0394",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0394"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx"
},
{
"name": "1025328",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025328"
},
{
"name": "20110214 MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0284.html"
},
{
"name": "46360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46360"
},
{
"name": "ADV-2011-0938",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0938"
},
{
"name": "43299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43299"
},
{
"name": "ms-win-server-browser-bo(65376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65376"
},
{
"name": "MS11-019",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-019"
},
{
"name": "oval:org.mitre.oval:def:12637",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12637"
}
]
}
}

118
2011/0xxx/CVE-2011-0805.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}

138
2011/0xxx/CVE-2011-0845.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Database Control component in Oracle Enterprise Manager Grid Control 10.1.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name" : "TA11-201A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name" : "48794",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48794"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Database Control component in Oracle Enterprise Manager Grid Control 10.1.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "48794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48794"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
}
]
}
}

138
2011/0xxx/CVE-2011-0935.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html"
},
{
"name" : "http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html"
},
{
"name" : "47407",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47407"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html"
},
{
"name": "http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html"
},
{
"name": "47407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47407"
}
]
}
}

158
2011/1xxx/CVE-2011-1111.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=70078",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=70078"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html"
},
{
"name" : "46614",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46614"
},
{
"name" : "oval:org.mitre.oval:def:14245",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14245"
},
{
"name" : "google-chrome-form-controls-unspecified(65729)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65729"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=70078",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=70078"
},
{
"name": "google-chrome-form-controls-unspecified(65729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65729"
},
{
"name": "oval:org.mitre.oval:def:14245",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14245"
},
{
"name": "46614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46614"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html"
}
]
}
}

158
2011/1xxx/CVE-2011-1623.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110601 Default Credentials for root Account on the Cisco Media Experience Engine 5600",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80122.shtml"
},
{
"name" : "48078",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48078"
},
{
"name" : "72721",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72721"
},
{
"name" : "1025590",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025590"
},
{
"name" : "cisco-mxe-default-password(67760)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67760"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72721",
"refsource": "OSVDB",
"url": "http://osvdb.org/72721"
},
{
"name": "cisco-mxe-default-password(67760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67760"
},
{
"name": "48078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48078"
},
{
"name": "20110601 Default Credentials for root Account on the Cisco Media Experience Engine 5600",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80122.shtml"
},
{
"name": "1025590",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025590"
}
]
}
}

32
2011/1xxx/CVE-2011-1695.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1695",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1695",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2011/3xxx/CVE-2011-3249.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5016",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5016"
},
{
"name" : "http://support.apple.com/kb/HT5130",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5130"
},
{
"name" : "APPLE-SA-2012-02-01-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name" : "oval:org.mitre.oval:def:16130",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16130"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "oval:org.mitre.oval:def:16130",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16130"
},
{
"name": "http://support.apple.com/kb/HT5016",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5016"
}
]
}
}

32
2011/3xxx/CVE-2011-3445.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3445",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3445",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

198
2011/4xxx/CVE-2011-4122.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20111207 Disputing CVE-2011-4122",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/12/07/3"
},
{
"name" : "[oss-security] 20111208 Re: Disputing CVE-2011-4122",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/12/08/9"
},
{
"name" : "http://c-skills.blogspot.com/2011/11/openpam-trickery.html",
"refsource" : "MISC",
"url" : "http://c-skills.blogspot.com/2011/11/openpam-trickery.html"
},
{
"name" : "http://stealth.openwall.net/xSports/pamslam",
"refsource" : "MISC",
"url" : "http://stealth.openwall.net/xSports/pamslam"
},
{
"name" : "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c",
"refsource" : "CONFIRM",
"url" : "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c"
},
{
"name" : "76945",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/76945"
},
{
"name" : "46756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46756"
},
{
"name" : "46804",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46804"
},
{
"name" : "openpam-Pamstart-privilege-escalation(71205)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71205"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://stealth.openwall.net/xSports/pamslam",
"refsource": "MISC",
"url": "http://stealth.openwall.net/xSports/pamslam"
},
{
"name": "46756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46756"
},
{
"name": "[oss-security] 20111207 Disputing CVE-2011-4122",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/12/07/3"
},
{
"name": "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c",
"refsource": "CONFIRM",
"url": "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c"
},
{
"name": "openpam-Pamstart-privilege-escalation(71205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71205"
},
{
"name": "76945",
"refsource": "OSVDB",
"url": "http://osvdb.org/76945"
},
{
"name": "http://c-skills.blogspot.com/2011/11/openpam-trickery.html",
"refsource": "MISC",
"url": "http://c-skills.blogspot.com/2011/11/openpam-trickery.html"
},
{
"name": "[oss-security] 20111208 Re: Disputing CVE-2011-4122",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/12/08/9"
},
{
"name": "46804",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46804"
}
]
}
}

158
2011/4xxx/CVE-2011-4783.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://technet.microsoft.com/en-us/security/msvr/msvr11-015",
"refsource" : "MISC",
"url" : "http://technet.microsoft.com/en-us/security/msvr/msvr11-015"
},
{
"name" : "http://code.google.com/p/idapython/downloads/detail?name=idapython-1.5.2.3_ida6.1_py2.6_win32.zip",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/idapython/downloads/detail?name=idapython-1.5.2.3_ida6.1_py2.6_win32.zip"
},
{
"name" : "http://code.google.com/p/idapython/source/detail?r=361",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/idapython/source/detail?r=361"
},
{
"name" : "47295",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47295"
},
{
"name" : "idapro-idb-code-execution(71936)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71936"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47295"
},
{
"name": "idapro-idb-code-execution(71936)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71936"
},
{
"name": "http://code.google.com/p/idapython/source/detail?r=361",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/idapython/source/detail?r=361"
},
{
"name": "http://code.google.com/p/idapython/downloads/detail?name=idapython-1.5.2.3_ida6.1_py2.6_win32.zip",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/idapython/downloads/detail?name=idapython-1.5.2.3_ida6.1_py2.6_win32.zip"
},
{
"name": "http://technet.microsoft.com/en-us/security/msvr/msvr11-015",
"refsource": "MISC",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-015"
}
]
}
}

128
2011/4xxx/CVE-2011-4848.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html",
"refsource" : "MISC",
"url" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html"
},
{
"name" : "ppp-cp-httpresponse-info-disc(72223)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72223"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ppp-cp-httpresponse-info-disc(72223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72223"
},
{
"name": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html",
"refsource": "MISC",
"url": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html"
}
]
}
}

168
2013/5xxx/CVE-2013-5890.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5890",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Exception Reporting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64816",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64816"
},
{
"name" : "102104",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102104"
},
{
"name" : "1029619",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029619"
},
{
"name" : "56471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56471"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Exception Reporting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029619",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029619"
},
{
"name": "64816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64816"
},
{
"name": "102104",
"refsource": "OSVDB",
"url": "http://osvdb.org/102104"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "56471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56471"
}
]
}
}

148
2014/2xxx/CVE-2014-2005.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-2005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.sophos.com/en-us/support/knowledgebase/121066.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.sophos.com/en-us/support/knowledgebase/121066.aspx"
},
{
"name" : "JVN#63940326",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN63940326/index.html"
},
{
"name" : "JVNDB-2014-000061",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000061"
},
{
"name" : "68169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68169"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000061",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000061"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/121066.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/121066.aspx"
},
{
"name": "JVN#63940326",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN63940326/index.html"
},
{
"name": "68169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68169"
}
]
}
}

258
2014/2xxx/CVE-2014-2483.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the \"use of privileged annotations.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003",
"refsource" : "CONFIRM",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1119626",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1119626"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "DSA-2987",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2987"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name" : "HPSBUX03091",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "SSRT101667",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "RHSA-2014:0902",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0902"
},
{
"name" : "68608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68608"
},
{
"name" : "1030577",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030577"
},
{
"name" : "60485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60485"
},
{
"name" : "60812",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60812"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the \"use of privileged annotations.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2987",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2987"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "HPSBUX03091",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "1030577",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030577"
},
{
"name": "SSRT101667",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "60812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60812"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1119626",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119626"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "60485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60485"
},
{
"name": "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003",
"refsource": "CONFIRM",
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "RHSA-2014:0902",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0902"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name": "68608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68608"
}
]
}
}

148
2014/2xxx/CVE-2014-2797.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name" : "68380",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68380"
},
{
"name" : "1030532",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030532"
},
{
"name" : "59775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59775"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name": "59775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59775"
},
{
"name": "68380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68380"
},
{
"name": "1030532",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030532"
}
]
}
}

148
2014/2xxx/CVE-2014-2813.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2786 and CVE-2014-2792."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name" : "68390",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68390"
},
{
"name" : "1030532",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030532"
},
{
"name" : "59775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59775"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2786 and CVE-2014-2792."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name": "68390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68390"
},
{
"name": "59775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59775"
},
{
"name": "1030532",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030532"
}
]
}
}

138
2014/6xxx/CVE-2014-6121.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6121",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693035",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693035"
},
{
"name" : "1031427",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031427"
},
{
"name" : "ibm-appscan-cve20146121-xss(96722)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96722"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031427"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693035",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693035"
},
{
"name": "ibm-appscan-cve20146121-xss(96722)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96722"
}
]
}
}

138
2014/6xxx/CVE-2014-6564.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6564",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "SUSE-SU-2015:0743",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name" : "70511",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70511"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70511"
},
{
"name": "SUSE-SU-2015:0743",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}
}

128
2014/6xxx/CVE-2014-6582.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Rapid Implementation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "1031579",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031579"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Rapid Implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "1031579",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031579"
}
]
}
}

138
2014/6xxx/CVE-2014-6595.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "GLSA-201612-27",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-27"
},
{
"name" : "openSUSE-SU-2015:0229",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201612-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-27"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "openSUSE-SU-2015:0229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html"
}
]
}
}

138
2014/6xxx/CVE-2014-6743.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6743",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Hearsay: A Social Party Game (aka air.com.lip.per) application 1.7.000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#436329",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/436329"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Hearsay: A Social Party Game (aka air.com.lip.per) application 1.7.000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#436329",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/436329"
}
]
}
}

138
2014/6xxx/CVE-2014-6787.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Counter Intuition (aka com.counter.intuition) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#690033",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/690033"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Counter Intuition (aka com.counter.intuition) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#690033",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/690033"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/7xxx/CVE-2014-7075.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7075",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#460353",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/460353"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#460353",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/460353"
}
]
}
}

32
2014/7xxx/CVE-2014-7245.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7245",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7245",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

138
2014/7xxx/CVE-2014-7328.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The brain abundance info (aka com.wbrainabundance) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#556361",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/556361"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The brain abundance info (aka com.wbrainabundance) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#556361",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/556361"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/7xxx/CVE-2014-7652.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7652",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Magicam Photo Magic Editor (aka mobi.magicam.editor) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#671377",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/671377"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Magicam Photo Magic Editor (aka mobi.magicam.editor) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#671377",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/671377"
}
]
}
}

138
2017/0xxx/CVE-2017-0168.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Hyper-V",
"version" : {
"version_data" : [
{
"version_value" : "Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0169."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Hyper-V",
"version": {
"version_data": [
{
"version_value": "Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168"
},
{
"name" : "97418",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97418"
},
{
"name" : "1038232",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038232"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0169."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038232",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038232"
},
{
"name": "97418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97418"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168"
}
]
}
}

32
2017/0xxx/CVE-2017-0512.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0512",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0512",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/0xxx/CVE-2017-0664.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-07-05T00:00:00",
"ID" : "CVE-2017-0664",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-07-05T00:00:00",
"ID": "CVE-2017-0664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "99470",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99470"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99470"
},
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
}
]
}
}

128
2017/0xxx/CVE-2017-0887.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2017-0887",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nextcloud Server",
"version" : {
"version_data" : [
{
"version_value" : "All versions before 9.0.55 and 10.0.2"
}
]
}
}
]
},
"vendor_name" : "Nextcloud"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reliance on Untrusted Inputs in a Security Decision (CWE-807)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "All versions before 9.0.55 and 10.0.2"
}
]
}
}
]
},
"vendor_name": "Nextcloud"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/173622",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/173622"
},
{
"name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-005",
"refsource" : "CONFIRM",
"url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-005"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reliance on Untrusted Inputs in a Security Decision (CWE-807)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-005",
"refsource": "CONFIRM",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-005"
},
{
"name": "https://hackerone.com/reports/173622",
"refsource": "MISC",
"url": "https://hackerone.com/reports/173622"
}
]
}
}

130
2017/0xxx/CVE-2017-0931.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2017-0931",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "html-janitor node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-0931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "html-janitor node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/guardian/html-janitor/issues/34",
"refsource" : "MISC",
"url" : "https://github.com/guardian/html-janitor/issues/34"
},
{
"name" : "https://hackerone.com/reports/308155",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/308155"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/guardian/html-janitor/issues/34",
"refsource": "MISC",
"url": "https://github.com/guardian/html-janitor/issues/34"
},
{
"name": "https://hackerone.com/reports/308155",
"refsource": "MISC",
"url": "https://hackerone.com/reports/308155"
}
]
}
}

280
2017/1000xxx/CVE-2017-1000366.json
View File

@ -1,143 +1,143 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"ID" : "CVE-2017-1000366",
"REQUESTER" : "qsa@qualys.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "glibc",
"version" : {
"version_data" : [
{
"version_value" : "2.25"
}
]
}
}
]
},
"vendor_name" : "GNU Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "A specific CWE doesn't exist, listing as unknown for now"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1000366",
"REQUESTER": "qsa@qualys.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42274",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42274/"
},
{
"name" : "42275",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42275/"
},
{
"name" : "42276",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42276/"
},
{
"name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"refsource" : "MISC",
"url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"name" : "https://access.redhat.com/security/cve/CVE-2017-1000366",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/security/cve/CVE-2017-1000366"
},
{
"name" : "https://www.suse.com/security/cve/CVE-2017-1000366/",
"refsource" : "CONFIRM",
"url" : "https://www.suse.com/security/cve/CVE-2017-1000366/"
},
{
"name" : "https://www.suse.com/support/kb/doc/?id=7020973",
"refsource" : "CONFIRM",
"url" : "https://www.suse.com/support/kb/doc/?id=7020973"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10205",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10205"
},
{
"name" : "DSA-3887",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3887"
},
{
"name" : "GLSA-201706-19",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-19"
},
{
"name" : "RHSA-2017:1479",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1479"
},
{
"name" : "RHSA-2017:1480",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1480"
},
{
"name" : "RHSA-2017:1481",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1481"
},
{
"name" : "RHSA-2017:1567",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1567"
},
{
"name" : "RHSA-2017:1712",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1712"
},
{
"name" : "99127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99127"
},
{
"name" : "1038712",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038712"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"name": "1038712",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038712"
},
{
"name": "42275",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42275/"
},
{
"name": "RHSA-2017:1712",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1712"
},
{
"name": "https://www.suse.com/security/cve/CVE-2017-1000366/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/security/cve/CVE-2017-1000366/"
},
{
"name": "RHSA-2017:1479",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1479"
},
{
"name": "RHSA-2017:1480",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1480"
},
{
"name": "99127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99127"
},
{
"name": "42276",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42276/"
},
{
"name": "https://www.suse.com/support/kb/doc/?id=7020973",
"refsource": "CONFIRM",
"url": "https://www.suse.com/support/kb/doc/?id=7020973"
},
{
"name": "RHSA-2017:1567",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1567"
},
{
"name": "42274",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42274/"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2017-1000366",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000366"
},
{
"name": "RHSA-2017:1481",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1481"
},
{
"name": "DSA-3887",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3887"
},
{
"name": "GLSA-201706-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-19"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205"
}
]
}
}

140
2017/1000xxx/CVE-2017-1000376.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"ID" : "CVE-2017-1000376",
"REQUESTER" : "qsa@qualys.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "libffi",
"version" : {
"version_data" : [
{
"version_value" : "3.1"
}
]
}
}
]
},
"vendor_name" : "libffi"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Requests executable stack"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1000376",
"REQUESTER": "qsa@qualys.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"refsource" : "MISC",
"url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"name" : "https://access.redhat.com/security/cve/CVE-2017-1000376",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/security/cve/CVE-2017-1000376"
},
{
"name" : "DSA-3889",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3889"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2017-1000376",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000376"
},
{
"name": "DSA-3889",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3889"
}
]
}
}

118
2017/18xxx/CVE-2017-18223.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18223",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://communities.bmc.com/thread/165887",
"refsource" : "CONFIRM",
"url" : "https://communities.bmc.com/thread/165887"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://communities.bmc.com/thread/165887",
"refsource": "CONFIRM",
"url": "https://communities.bmc.com/thread/165887"
}
]
}
}

32
2017/1xxx/CVE-2017-1070.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1070",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1070",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

164
2017/1xxx/CVE-2017-1331.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-02T00:00:00",
"ID" : "CVE-2017-1331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Content Navigator",
"version" : {
"version_data" : [
{
"version_value" : "3.0.0"
},
{
"version_value" : "2.0.3.5"
},
{
"version_value" : "2.0.3.6"
},
{
"version_value" : "2.0.3.7"
},
{
"version_value" : "2.0.3.8"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126233."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-02T00:00:00",
"ID": "CVE-2017-1331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Navigator",
"version": {
"version_data": [
{
"version_value": "3.0.0"
},
{
"version_value": "2.0.3.5"
},
{
"version_value": "2.0.3.6"
},
{
"version_value": "2.0.3.7"
},
{
"version_value": "2.0.3.8"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126233",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126233"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22003928",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22003928"
},
{
"name" : "100120",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100120"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126233."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126233",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126233"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003928",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003928"
},
{
"name": "100120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100120"
}
]
}
}

32
2017/1xxx/CVE-2017-1360.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1360",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1360",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

386
2017/1xxx/CVE-2017-1516.json
View File

@ -1,196 +1,196 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-01-23T00:00:00",
"ID" : "CVE-2017-1516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational DOORS",
"version" : {
"version_data" : [
{
"version_value" : "9.5"
},
{
"version_value" : "9.5.0.1"
},
{
"version_value" : "9.5.1"
},
{
"version_value" : "9.5.1.1"
},
{
"version_value" : "9.5.1.2"
},
{
"version_value" : "9.5.2"
},
{
"version_value" : "9.5.2.1"
},
{
"version_value" : "9.6"
},
{
"version_value" : "9.5.0.2"
},
{
"version_value" : "9.5.0.3"
},
{
"version_value" : "9.5.1.3"
},
{
"version_value" : "9.5.1.4"
},
{
"version_value" : "9.5.2.2"
},
{
"version_value" : "9.5.2.3"
},
{
"version_value" : "9.6.0.1"
},
{
"version_value" : "9.6.0.2"
},
{
"version_value" : "9.6.1"
},
{
"version_value" : "9.6.1.1"
},
{
"version_value" : "9.5.0.4"
},
{
"version_value" : "9.5.1.5"
},
{
"version_value" : "9.5.2.4"
},
{
"version_value" : "9.6.0.3"
},
{
"version_value" : "9.6.1.2"
},
{
"version_value" : "9.6.1.3"
},
{
"version_value" : "9.6.1.4"
},
{
"version_value" : "9.5.0.5"
},
{
"version_value" : "9.5.1.6"
},
{
"version_value" : "9.5.2.5"
},
{
"version_value" : "9.6.0.4"
},
{
"version_value" : "9.5.0.6"
},
{
"version_value" : "9.5.1.7"
},
{
"version_value" : "9.5.2.6"
},
{
"version_value" : "9.6.0.5"
},
{
"version_value" : "9.6.1.5"
},
{
"version_value" : "9.6.1.6"
},
{
"version_value" : "9.6.1.7"
},
{
"version_value" : "9.5.0.7"
},
{
"version_value" : "9.5.1.8"
},
{
"version_value" : "9.5.2.7"
},
{
"version_value" : "9.6.0.6"
},
{
"version_value" : "9.6.1.8"
},
{
"version_value" : "9.6.1.9"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-23T00:00:00",
"ID": "CVE-2017-1516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational DOORS",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "9.5.0.1"
},
{
"version_value": "9.5.1"
},
{
"version_value": "9.5.1.1"
},
{
"version_value": "9.5.1.2"
},
{
"version_value": "9.5.2"
},
{
"version_value": "9.5.2.1"
},
{
"version_value": "9.6"
},
{
"version_value": "9.5.0.2"
},
{
"version_value": "9.5.0.3"
},
{
"version_value": "9.5.1.3"
},
{
"version_value": "9.5.1.4"
},
{
"version_value": "9.5.2.2"
},
{
"version_value": "9.5.2.3"
},
{
"version_value": "9.6.0.1"
},
{
"version_value": "9.6.0.2"
},
{
"version_value": "9.6.1"
},
{
"version_value": "9.6.1.1"
},
{
"version_value": "9.5.0.4"
},
{
"version_value": "9.5.1.5"
},
{
"version_value": "9.5.2.4"
},
{
"version_value": "9.6.0.3"
},
{
"version_value": "9.6.1.2"
},
{
"version_value": "9.6.1.3"
},
{
"version_value": "9.6.1.4"
},
{
"version_value": "9.5.0.5"
},
{
"version_value": "9.5.1.6"
},
{
"version_value": "9.5.2.5"
},
{
"version_value": "9.6.0.4"
},
{
"version_value": "9.5.0.6"
},
{
"version_value": "9.5.1.7"
},
{
"version_value": "9.5.2.6"
},
{
"version_value": "9.6.0.5"
},
{
"version_value": "9.6.1.5"
},
{
"version_value": "9.6.1.6"
},
{
"version_value": "9.6.1.7"
},
{
"version_value": "9.5.0.7"
},
{
"version_value": "9.5.1.8"
},
{
"version_value": "9.5.2.7"
},
{
"version_value": "9.6.0.6"
},
{
"version_value": "9.6.1.8"
},
{
"version_value": "9.6.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22012789",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012789"
},
{
"name" : "102867",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102867"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012789",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
},
{
"name": "102867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102867"
}
]
}
}

32
2017/1xxx/CVE-2017-1616.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1616",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1616",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

168
2017/1xxx/CVE-2017-1743.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-05-02T00:00:00",
"ID" : "CVE-2017-1743",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Application Server",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-05-02T00:00:00",
"ID": "CVE-2017-1743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22013601",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22013601"
},
{
"name" : "104134",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104134"
},
{
"name" : "1040890",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040890"
},
{
"name" : "ibm-websphere-cve20171743-info-disc(134933)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134933"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20171743-info-disc(134933)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134933"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013601",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013601"
},
{
"name": "1040890",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040890"
},
{
"name": "104134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104134"
}
]
}
}

118
2017/5xxx/CVE-2017-5256.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@rapid7.com",
"ID" : "CVE-2017-5256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ePMP",
"version" : {
"version_data" : [
{
"version_value" : "3.5 and prior"
}
]
}
}
]
},
"vendor_name" : "Cambium Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))"
}
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ePMP",
"version": {
"version_data": [
{
"version_value": "3.5 and prior"
}
]
}
}
]
},
"vendor_name": "Cambium Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
}
]
}
}

168
2017/5xxx/CVE-2017-5571.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5571",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
},
{
"name" : "https://support.citrix.com/article/CTX219885",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX219885"
},
{
"name" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager",
"refsource" : "CONFIRM",
"url" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"name" : "96028",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96028"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"name": "96028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96028"
},
{
"name": "https://support.citrix.com/article/CTX219885",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX219885"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
]
}
}

140
2017/5xxx/CVE-2017-5825.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-05-25T00:00:00",
"ID" : "CVE-2017-5825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Aruba ClearPass Policy Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.6.x"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "privilage escalation"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-05-25T00:00:00",
"ID": "CVE-2017-5825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "6.6.x"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
},
{
"name" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
"refsource" : "CONFIRM",
"url" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
},
{
"name" : "98722",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98722"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilage escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"
},
{
"name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"
},
{
"name": "98722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98722"
}
]
}
}