admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:15:00 +00:00
parent ffa70f4daa
commit 6f8ba33042
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 4374 additions and 4374 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/0xxx/CVE-2006-0593.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0593", "ID": "CVE-2006-0593",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.php-fusion.co.uk/news.php?readmore=307", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.php-fusion.co.uk/news.php?readmore=307" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php."
{ }
"name" : "http://www.php-fusion.co.uk/downloads.php?cat_id=3", ]
"refsource" : "CONFIRM", },
"url" : "http://www.php-fusion.co.uk/downloads.php?cat_id=3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16548", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16548" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0463", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0463" ]
}, },
{ "references": {
"name" : "22980", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22980" "name": "phpfusion-multiple-xss(24548)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24548"
"name" : "22981", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22981" "name": "http://www.php-fusion.co.uk/news.php?readmore=307",
}, "refsource": "CONFIRM",
{ "url": "http://www.php-fusion.co.uk/news.php?readmore=307"
"name" : "18949", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18949" "name": "ADV-2006-0463",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0463"
"name" : "phpfusion-multiple-xss(24548)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24548" "name": "16548",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/16548"
} },
} {
"name": "http://www.php-fusion.co.uk/downloads.php?cat_id=3",
"refsource": "CONFIRM",
"url": "http://www.php-fusion.co.uk/downloads.php?cat_id=3"
},
{
"name": "18949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18949"
},
{
"name": "22981",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22981"
},
{
"name": "22980",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22980"
}
]
}
}

170
2006/0xxx/CVE-2006-0856.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0856", "ID": "CVE-2006-0856",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060216 [eVuln] SmE GB Host Authentication Bypass Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/425317/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter."
{ }
"name" : "http://www.evuln.com/vulns/66/summary.html", ]
"refsource" : "MISC", },
"url" : "http://www.evuln.com/vulns/66/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16609", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16609" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0543", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0543" ]
}, },
{ "references": {
"name" : "18823", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18823" "name": "http://www.evuln.com/vulns/66/summary.html",
}, "refsource": "MISC",
{ "url": "http://www.evuln.com/vulns/66/summary.html"
"name" : "smegbhost-login-sql-injection(24544)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24544" "name": "ADV-2006-0543",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/0543"
} },
} {
"name": "16609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16609"
},
{
"name": "smegbhost-login-sql-injection(24544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24544"
},
{
"name": "20060216 [eVuln] SmE GB Host Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425317/100/0/threaded"
},
{
"name": "18823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18823"
}
]
}
}

180
2006/3xxx/CVE-2006-3322.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3322", "ID": "CVE-2006-3322",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/438706/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function."
{ }
"name" : "http://secunia.com/secunia_research/2006-47/advisory/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2006-47/advisory/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18720", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18720" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2592", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2592" ]
}, },
{ "references": {
"name" : "20200", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20200" "name": "http://secunia.com/secunia_research/2006-47/advisory/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2006-47/advisory/"
"name" : "1173", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1173" "name": "ADV-2006-2592",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2592"
"name" : "phpraid-logging-sql-injection(27458)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27458" "name": "20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/438706/100/0/threaded"
} },
} {
"name": "phpraid-logging-sql-injection(27458)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27458"
},
{
"name": "18720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18720"
},
{
"name": "1173",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1173"
},
{
"name": "20200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20200"
}
]
}
}

200
2006/3xxx/CVE-2006-3495.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3495", "ID": "CVE-2006-3495",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2006-08-01", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" "lang": "eng",
}, "value": "AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users."
{ }
"name" : "TA06-214A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#168020", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/168020" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19289", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19289" ]
}, },
{ "references": {
"name" : "ADV-2006-3101", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3101" "name": "macosx-afp-file-access(28136)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28136"
"name" : "27732", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27732" "name": "APPLE-SA-2006-08-01",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
"name" : "1016620", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016620" "name": "ADV-2006-3101",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3101"
"name" : "21253", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21253" "name": "21253",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21253"
"name" : "macosx-afp-file-access(28136)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28136" "name": "19289",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19289"
} },
} {
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "VU#168020",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/168020"
},
{
"name": "1016620",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016620"
},
{
"name": "27732",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27732"
}
]
}
}

130
2006/3xxx/CVE-2006-3962.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3962", "ID": "CVE-2006-3962",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2090", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2090" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
{ }
"name" : "19231", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19231" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2090",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2090"
},
{
"name": "19231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19231"
}
]
}
}

150
2006/4xxx/CVE-2006-4106.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4106", "ID": "CVE-2006-4106",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060806 blur6ex 0.3 Comment title HTML inyection vuln.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/442435/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title."
{ }
"name" : "19392", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19392" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1372", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1372" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "blur6ex-title-xss(28275)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28275" ]
} },
] "references": {
} "reference_data": [
} {
"name": "blur6ex-title-xss(28275)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28275"
},
{
"name": "19392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19392"
},
{
"name": "20060806 blur6ex 0.3 Comment title HTML inyection vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442435/100/0/threaded"
},
{
"name": "1372",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1372"
}
]
}
}

170
2006/4xxx/CVE-2006-4675.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4675", "ID": "CVE-2006-4675",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/445516/100/0/threaded" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors."
{ }
"name" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html", ]
"refsource" : "MISC", },
"url" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200609-10", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200609-10.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21819", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21819" ]
}, },
{ "references": {
"name" : "21936", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21936" "name": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html",
}, "refsource": "MISC",
{ "url": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html"
"name" : "1537", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1537" "name": "1537",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/1537"
} },
} {
"name": "GLSA-200609-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-10.xml"
},
{
"name": "21936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21936"
},
{
"name": "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445516/100/0/threaded"
},
{
"name": "21819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21819"
}
]
}
}

220
2006/4xxx/CVE-2006-4900.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4900", "ID": "CVE-2006-4900",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via \"..\" sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060921 [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/446611/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via \"..\" sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function."
{ }
"name" : "20060922 RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/446716/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt", "description": [
"refsource" : "MISC", {
"url" : "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9", ]
"refsource" : "CONFIRM", }
"url" : "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9" ]
}, },
{ "references": {
"name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617" "name": "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt",
}, "refsource": "MISC",
{ "url": "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt"
"name" : "20139", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20139" "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9",
}, "refsource": "CONFIRM",
{ "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9"
"name" : "ADV-2006-3738", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3738" "name": "1016910",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016910"
"name" : "29010", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/29010" "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617",
}, "refsource": "CONFIRM",
{ "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617"
"name" : "1016910", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016910" "name": "22023",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22023"
"name" : "22023", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22023" "name": "29010",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/29010"
"name" : "ca-etrust-esmpauditservlet-dir-traversal(29104)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29104" "name": "ca-etrust-esmpauditservlet-dir-traversal(29104)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29104"
} },
} {
"name": "20139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20139"
},
{
"name": "20060922 RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446716/100/0/threaded"
},
{
"name": "20060921 [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446611/100/0/threaded"
},
{
"name": "ADV-2006-3738",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3738"
}
]
}
}

150
2006/6xxx/CVE-2006-6571.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6571", "ID": "CVE-2006-6571",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly other parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061214 GenesisTrader v1.0 - Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/454385/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly other parameters."
{ }
"name" : "21595", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21595" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2035", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2035" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "genesis-index-form-xss(30890)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30890" ]
} },
] "references": {
} "reference_data": [
} {
"name": "21595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21595"
},
{
"name": "20061214 GenesisTrader v1.0 - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454385/100/0/threaded"
},
{
"name": "2035",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2035"
},
{
"name": "genesis-index-form-xss(30890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30890"
}
]
}
}

150
2006/6xxx/CVE-2006-6960.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6960", "ID": "CVE-2006-6960",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060620 Multiple Bypass and Integrity Lost Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/437814/100/200/threaded" "lang": "eng",
}, "value": "The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression."
{ }
"name" : "http://www.sentinel.gr/advisories/SGA-0001.txt", ]
"refsource" : "MISC", },
"url" : "http://www.sentinel.gr/advisories/SGA-0001.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "27536", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27536" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "spy-sweeper-archive-security-bypass(27266)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27266" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20060620 Multiple Bypass and Integrity Lost Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437814/100/200/threaded"
},
{
"name": "spy-sweeper-archive-security-bypass(27266)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27266"
},
{
"name": "27536",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27536"
},
{
"name": "http://www.sentinel.gr/advisories/SGA-0001.txt",
"refsource": "MISC",
"url": "http://www.sentinel.gr/advisories/SGA-0001.txt"
}
]
}
}

140
2006/7xxx/CVE-2006-7013.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-7013", "ID": "CVE-2006-7013",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060601 SMF 1.0.7 and lower plus 1.1rc2 and lower - IP spoofing vulnerability/IP ban evasion vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435686/30/4740/threaded" "lang": "eng",
}, "value": "** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue."
{ }
"name" : "2256", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/2256" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "smf-xforward-ip-spoofing(27082)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27082" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "2256",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2256"
},
{
"name": "smf-xforward-ip-spoofing(27082)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27082"
},
{
"name": "20060601 SMF 1.0.7 and lower plus 1.1rc2 and lower - IP spoofing vulnerability/IP ban evasion vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435686/30/4740/threaded"
}
]
}
}

160
2010/2xxx/CVE-2010-2136.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2136", "ID": "CVE-2010-2136",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in admin/index.php in Article Friendly, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.packetstormsecurity.com/1002-exploits/articlefriendly-lfi.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.packetstormsecurity.com/1002-exploits/articlefriendly-lfi.txt" "lang": "eng",
}, "value": "Directory traversal vulnerability in admin/index.php in Article Friendly, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter."
{ }
"name" : "38461", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/38461" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "62624", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/62624" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "38715", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/38715" ]
}, },
{ "references": {
"name" : "articlefriendly-index-file-include(56598)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56598" "name": "38715",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/38715"
} },
} {
"name": "38461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38461"
},
{
"name": "62624",
"refsource": "OSVDB",
"url": "http://osvdb.org/62624"
},
{
"name": "articlefriendly-index-file-include(56598)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56598"
},
{
"name": "http://www.packetstormsecurity.com/1002-exploits/articlefriendly-lfi.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1002-exploits/articlefriendly-lfi.txt"
}
]
}
}

120
2010/2xxx/CVE-2010-2393.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-2393", "ID": "CVE-2010-2393",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "lang": "eng",
} "value": "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}

150
2010/2xxx/CVE-2010-2739.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-2739", "ID": "CVE-2010-2739",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ragestorm.net/blogs/?p=255", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ragestorm.net/blogs/?p=255" "lang": "eng",
}, "value": "Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors."
{ }
"name" : "http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx", ]
"refsource" : "CONFIRM", },
"url" : "http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40870", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40870" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2010-2029", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2010/2029" ]
} },
] "references": {
} "reference_data": [
} {
"name": "40870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40870"
},
{
"name": "http://www.ragestorm.net/blogs/?p=255",
"refsource": "MISC",
"url": "http://www.ragestorm.net/blogs/?p=255"
},
{
"name": "ADV-2010-2029",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2029"
},
{
"name": "http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx"
}
]
}
}

340
2010/2xxx/CVE-2010-2948.json
View File

@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2948", "ID": "CVE-2010-2948",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/08/24/3" "lang": "eng",
}, "value": "Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message."
{ }
"name" : "[oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/08/25/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3", "description": [
"refsource" : "CONFIRM", {
"url" : "http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.quagga.net/news2.php?y=2010&m=8&d=19", ]
"refsource" : "CONFIRM", }
"url" : "http://www.quagga.net/news2.php?y=2010&m=8&d=19" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=626783", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=626783" "name": "ADV-2010-2304",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2304"
"name" : "DSA-2104", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2104" "name": "42635",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/42635"
"name" : "GLSA-201202-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201202-02.xml" "name": "42498",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42498"
"name" : "MDVSA-2010:174", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=626783",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626783"
"name" : "RHSA-2010:0785", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0785.html" "name": "[oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3"
"name" : "RHSA-2010:0945", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0945.html" "name": "41238",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41238"
"name" : "SUSE-SR:2010:022", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" "name": "SUSE-SR:2010:022",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
"name" : "SUSE-SU-2011:1316", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" "name": "http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3",
}, "refsource": "CONFIRM",
{ "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3"
"name" : "USN-1027-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1027-1" "name": "41038",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41038"
"name" : "42635", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/42635" "name": "GLSA-201202-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml"
"name" : "41038", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41038" "name": "42397",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42397"
"name" : "41238", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41238" "name": "DSA-2104",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-2104"
"name" : "42397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42397" "name": "USN-1027-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1027-1"
"name" : "42446", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42446" "name": "42446",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42446"
"name" : "42498", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42498" "name": "SUSE-SU-2011:1316",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html"
"name" : "48106", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48106" "name": "MDVSA-2010:174",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174"
"name" : "ADV-2010-2304", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2304" "name": "48106",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48106"
"name" : "ADV-2010-3097", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3097" "name": "ADV-2010-3097",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3097"
"name" : "ADV-2010-3124", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3124" "name": "[oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4"
} },
} {
"name": "RHSA-2010:0785",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html"
},
{
"name": "RHSA-2010:0945",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0945.html"
},
{
"name": "http://www.quagga.net/news2.php?y=2010&m=8&d=19",
"refsource": "CONFIRM",
"url": "http://www.quagga.net/news2.php?y=2010&m=8&d=19"
},
{
"name": "ADV-2010-3124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3124"
}
]
}
}

140
2010/3xxx/CVE-2010-3342.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-3342", "ID": "CVE-2010-3342",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka \"Cross-Domain Information Disclosure Vulnerability,\" a different vulnerability than CVE-2010-3348."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS10-090", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka \"Cross-Domain Information Disclosure Vulnerability,\" a different vulnerability than CVE-2010-3348."
{ }
"name" : "oval:org.mitre.oval:def:11447", ]
"refsource" : "OVAL", },
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11447" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024872", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024872" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS10-090",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
},
{
"name": "oval:org.mitre.oval:def:11447",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11447"
},
{
"name": "1024872",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024872"
}
]
}
}

160
2010/3xxx/CVE-2010-3489.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3489", "ID": "CVE-2010-3489",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/1009-exploits/ZSL-2010-4964.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/1009-exploits/ZSL-2010-4964.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter."
{ }
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4964.php", ]
"refsource" : "MISC", },
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4964.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "43290", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43290" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "68128", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/68128" ]
}, },
{ "references": {
"name" : "41475", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41475" "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4964.php",
} "refsource": "MISC",
] "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4964.php"
} },
} {
"name": "41475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41475"
},
{
"name": "43290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43290"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/ZSL-2010-4964.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/ZSL-2010-4964.txt"
},
{
"name": "68128",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68128"
}
]
}
}

280
2010/3xxx/CVE-2010-3555.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-3555", "ID": "CVE-2010-3555",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-207/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-207/" "lang": "eng",
}, "value": "Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/css/P8/documents/100114315", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100114315" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/css/P8/documents/100123193", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/css/P8/documents/100123193" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" "name": "http://support.avaya.com/css/P8/documents/100114315",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100114315"
"name" : "HPSBUX02608", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" "name": "HPSBMU02799",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
"name" : "SSRT100333", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" "name": "RHSA-2010:0770",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
"name" : "HPSBMU02799", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" "name": "oval:org.mitre.oval:def:12222",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12222"
"name" : "RHSA-2010:0770", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" "name": "SSRT100333",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
"name" : "RHSA-2010:0987", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0987.html" "name": "oval:org.mitre.oval:def:11320",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11320"
"name" : "RHSA-2011:0880", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-207/",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-207/"
"name" : "SUSE-SR:2010:019", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" "name": "44038",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/44038"
"name" : "44038", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/44038" "name": "RHSA-2010:0987",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
"name" : "oval:org.mitre.oval:def:11320", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11320" "name": "44954",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44954"
"name" : "oval:org.mitre.oval:def:12222", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12222" "name": "RHSA-2011:0880",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
"name" : "42974", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42974" "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
"name" : "44954", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44954" "name": "42974",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/42974"
} },
} {
"name": "HPSBUX02608",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name": "http://support.avaya.com/css/P8/documents/100123193",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100123193"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
}
]
}
}

180
2011/0xxx/CVE-2011-0147.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2011-0147", "ID": "CVE-2011-0147",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4554", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4554" "lang": "eng",
}, "value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
{ }
"name" : "http://support.apple.com/kb/HT4564", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4564" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4566", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4566" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2011-03-02-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2011-03-09-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" "name": "http://support.apple.com/kb/HT4564",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4564"
"name" : "APPLE-SA-2011-03-09-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" "name": "http://support.apple.com/kb/HT4566",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4566"
"name" : "oval:org.mitre.oval:def:16488", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16488" "name": "APPLE-SA-2011-03-02-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
} },
} {
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT4554",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4554"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:16488",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16488"
}
]
}
}

34
2011/0xxx/CVE-2011-0601.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-0601", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-0601",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
} }
] ]
} }
} }

130
2011/0xxx/CVE-2011-0835.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-0835", "ID": "CVE-2011-0835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0832 and CVE-2011-0880."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0832 and CVE-2011-0880."
{ }
"name" : "TA11-201A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
}
]
}
}

170
2011/0xxx/CVE-2011-0951.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2011-0951", "ID": "CVE-2011-0951",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110330 Cisco Secure Access Control System Unauthorized Password Change Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml" "lang": "eng",
}, "value": "The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440."
{ }
"name" : "47093", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/47093" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1025271", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025271" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "43924", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/43924" ]
}, },
{ "references": {
"name" : "ADV-2011-0821", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0821" "name": "43924",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43924"
"name" : "cisco-acs-interface-security-bypass(66471)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66471" "name": "1025271",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1025271"
} },
} {
"name": "ADV-2011-0821",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0821"
},
{
"name": "20110330 Cisco Secure Access Control System Unauthorized Password Change Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml"
},
{
"name": "cisco-acs-interface-security-bypass(66471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66471"
},
{
"name": "47093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47093"
}
]
}
}

490
2011/1xxx/CVE-2011-1167.json
View File

@ -1,247 +1,247 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1167", "ID": "CVE-2011-1167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/517101/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-107", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-107" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2300", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2300" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=684939", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=684939" ]
}, },
{ "references": {
"name" : "http://blackberry.com/btsc/KB27244", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://blackberry.com/btsc/KB27244" "name": "ADV-2011-0795",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0795"
"name" : "http://support.apple.com/kb/HT5130", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5130" "name": "43974",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43974"
"name" : "http://support.apple.com/kb/HT5281", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5281" "name": "USN-1102-1",
}, "refsource": "UBUNTU",
{ "url": "http://ubuntu.com/usn/usn-1102-1"
"name" : "http://support.apple.com/kb/HT5503", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "name": "ADV-2011-0845",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0845"
"name" : "APPLE-SA-2012-02-01-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=684939",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684939"
"name" : "APPLE-SA-2012-05-09-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" "name": "ADV-2011-0860",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0860"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "SUSE-SR:2011:009",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
"name" : "DSA-2210", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2210" "name": "APPLE-SA-2012-09-19-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
"name" : "FEDORA-2011-3827", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html" "name": "http://support.apple.com/kb/HT5503",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5503"
"name" : "FEDORA-2011-3836", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html" "name": "SSA:2011-098-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820"
"name" : "GLSA-201209-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml" "name": "http://support.apple.com/kb/HT5130",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5130"
"name" : "MDVSA-2011:064", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:064" "name": "43900",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43900"
"name" : "RHSA-2011:0392", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0392.html" "name": "71256",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/71256"
"name" : "SSA:2011-098-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820" "name": "43934",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43934"
"name" : "SUSE-SR:2011:009", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" "name": "46951",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/46951"
"name" : "USN-1102-1", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/usn-1102-1" "name": "FEDORA-2011-3836",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html"
"name" : "46951", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46951" "name": "ADV-2011-0905",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0905"
"name" : "71256", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/71256" "name": "DSA-2210",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2210"
"name" : "1025257", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025257" "name": "APPLE-SA-2012-02-01-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
"name" : "43900", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43900" "name": "libtiff-thundercode-decoder-bo(66247)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66247"
"name" : "43934", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43934" "name": "http://blackberry.com/btsc/KB27244",
}, "refsource": "CONFIRM",
{ "url": "http://blackberry.com/btsc/KB27244"
"name" : "44117", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44117" "name": "1025257",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025257"
"name" : "44135", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44135" "name": "20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/517101/100/0/threaded"
"name" : "43974", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43974" "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2300",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2300"
"name" : "50726", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50726" "name": "GLSA-201209-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
"name" : "8165", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8165" "name": "ADV-2011-0930",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0930"
"name" : "ADV-2011-0795", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0795" "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-107",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-107"
"name" : "ADV-2011-0845", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0845" "name": "44135",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44135"
"name" : "ADV-2011-0859", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0859" "name": "ADV-2011-0960",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0960"
"name" : "ADV-2011-0860", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0860" "name": "8165",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8165"
"name" : "ADV-2011-0905", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0905" "name": "MDVSA-2011:064",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:064"
"name" : "ADV-2011-0930", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0930" "name": "ADV-2011-0859",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0859"
"name" : "ADV-2011-0960", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0960" "name": "44117",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44117"
"name" : "libtiff-thundercode-decoder-bo(66247)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66247" "name": "RHSA-2011:0392",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2011-0392.html"
} },
} {
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "FEDORA-2011-3827",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "50726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50726"
}
]
}
}

180
2011/1xxx/CVE-2011-1329.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2011-1329", "ID": "CVE-2011-1329",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://digit.que.ne.jp/work/index.cgi?WalRack", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://digit.que.ne.jp/work/index.cgi?WalRack" "lang": "eng",
}, "value": "WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file."
{ }
"name" : "http://digit.que.ne.jp/work/index.cgi?WalRack2", ]
"refsource" : "CONFIRM", },
"url" : "http://digit.que.ne.jp/work/index.cgi?WalRack2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://jvn.jp/en/jp/JVN46984044/54827/index.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://jvn.jp/en/jp/JVN46984044/54827/index.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVN#46984044", ]
"refsource" : "JVN", }
"url" : "http://jvn.jp/en/jp/JVN46984044/index.html" ]
}, },
{ "references": {
"name" : "JVNDB-2011-000032", "reference_data": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000032" "name": "JVN#46984044",
}, "refsource": "JVN",
{ "url": "http://jvn.jp/en/jp/JVN46984044/index.html"
"name" : "48001", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48001" "name": "48001",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/48001"
"name" : "walrack-uploaded-files-code-exec(67641)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67641" "name": "http://digit.que.ne.jp/work/index.cgi?WalRack2",
} "refsource": "CONFIRM",
] "url": "http://digit.que.ne.jp/work/index.cgi?WalRack2"
} },
} {
"name": "walrack-uploaded-files-code-exec(67641)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67641"
},
{
"name": "JVNDB-2011-000032",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000032"
},
{
"name": "http://jvn.jp/en/jp/JVN46984044/54827/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN46984044/54827/index.html"
},
{
"name": "http://digit.que.ne.jp/work/index.cgi?WalRack",
"refsource": "CONFIRM",
"url": "http://digit.que.ne.jp/work/index.cgi?WalRack"
}
]
}
}

200
2011/1xxx/CVE-2011-1499.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1499", "ID": "CVE-2011-1499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/04/07/9" "lang": "eng",
}, "value": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server."
{ }
"name" : "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/04/08/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://banu.com/bugzilla/show_bug.cgi?id=90", ]
"refsource" : "CONFIRM", }
"url" : "https://banu.com/bugzilla/show_bug.cgi?id=90" ]
}, },
{ "references": {
"name" : "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=694658", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=694658" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694658",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"
"name" : "DSA-2222", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2222" "name": "44274",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44274"
"name" : "44274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44274" "name": "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/04/08/3"
"name" : "tinyproxy-aclc-sec-bypass(67256)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256" "name": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4",
} "refsource": "CONFIRM",
] "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"
} },
} {
"name": "tinyproxy-aclc-sec-bypass(67256)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"
},
{
"name": "https://banu.com/bugzilla/show_bug.cgi?id=90",
"refsource": "CONFIRM",
"url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
},
{
"name": "DSA-2222",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2222"
},
{
"name": "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/07/9"
}
]
}
}

140
2011/1xxx/CVE-2011-1904.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1904", "ID": "CVE-2011-1904",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a \"command injection\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php" "lang": "eng",
}, "value": "An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a \"command injection\" issue."
{ }
"name" : "https://support.proofpoint.com/article.cgi?article_id=338413", ]
"refsource" : "MISC", },
"url" : "https://support.proofpoint.com/article.cgi?article_id=338413" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#790980", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/790980" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.proofpoint.com/article.cgi?article_id=338413",
"refsource": "MISC",
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
},
{
"name": "VU#790980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/790980"
},
{
"name": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php",
"refsource": "MISC",
"url": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php"
}
]
}
}

190
2011/5xxx/CVE-2011-5166.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5166", "ID": "CVE-2011-5166",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110902 KnFTPd v1.0.0 Multiple Command Remote Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2011-09/0015.html" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands."
{ }
"name" : "17819", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/17819" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17856", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/17856" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17870", ]
"refsource" : "EXPLOIT-DB", }
"url" : "http://www.exploit-db.com/exploits/17870" ]
}, },
{ "references": {
"name" : "18089", "reference_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18089" "name": "45907",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45907"
"name" : "75147", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/75147" "name": "17856",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/17856"
"name" : "45907", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45907" "name": "20110902 KnFTPd v1.0.0 Multiple Command Remote Buffer Overflow",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0015.html"
"name" : "knftpd-multiple-commands-bo(69557)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69557" "name": "18089",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/18089"
} },
} {
"name": "knftpd-multiple-commands-bo(69557)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69557"
},
{
"name": "75147",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75147"
},
{
"name": "17819",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17819"
},
{
"name": "17870",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17870"
}
]
}
}

120
2011/5xxx/CVE-2011-5309.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5309", "ID": "CVE-2011-5309",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.htbridge.com/advisory/HTB22826", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB22826" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB22826",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB22826"
}
]
}
}

34
2014/3xxx/CVE-2014-3119.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3119", "ID": "CVE-2014-3119",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/3xxx/CVE-2014-3161.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2014-3161", "ID": "CVE-2014-3161",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html" "lang": "eng",
}, "value": "The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=334204", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=334204" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://src.chromium.org/viewvc/chrome?revision=266396&view=revision", "description": [
"refsource" : "CONFIRM", {
"url" : "https://src.chromium.org/viewvc/chrome?revision=266396&view=revision" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=266396&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=266396&view=revision"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=334204",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=334204"
}
]
}
}

34
2014/3xxx/CVE-2014-3257.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3257", "ID": "CVE-2014-3257",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

270
2014/3xxx/CVE-2014-3688.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3688", "ID": "CVE-2014-3688",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141113 Linux kernel: SCTP issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/11/13/8" "lang": "eng",
}, "value": "The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26b87c7881006311828bb0ab271a551a62dcceb4", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26b87c7881006311828bb0ab271a551a62dcceb4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155745", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155745" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/26b87c7881006311828bb0ab271a551a62dcceb4", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/26b87c7881006311828bb0ab271a551a62dcceb4" "name": "[oss-security] 20141113 Linux kernel: SCTP issues",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2014/11/13/8"
"name" : "DSA-3060", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3060" "name": "HPSBGN03285",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=142722450701342&w=2"
"name" : "HPSBGN03282", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=142722544401658&w=2" "name": "SUSE-SU-2015:0736",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
"name" : "HPSBGN03285", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=142722450701342&w=2" "name": "USN-2418-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2418-1"
"name" : "RHSA-2015:0062", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0062.html" "name": "SUSE-SU-2015:0652",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
"name" : "RHSA-2015:0115", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0115.html" "name": "RHSA-2015:0062",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"
"name" : "SUSE-SU-2015:0481", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" "name": "USN-2417-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2417-1"
"name" : "openSUSE-SU-2015:0566", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" "name": "HPSBGN03282",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=142722544401658&w=2"
"name" : "SUSE-SU-2015:0652", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" "name": "DSA-3060",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-3060"
"name" : "SUSE-SU-2015:0736", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" "name": "https://github.com/torvalds/linux/commit/26b87c7881006311828bb0ab271a551a62dcceb4",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/26b87c7881006311828bb0ab271a551a62dcceb4"
"name" : "USN-2417-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2417-1" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26b87c7881006311828bb0ab271a551a62dcceb4",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26b87c7881006311828bb0ab271a551a62dcceb4"
"name" : "USN-2418-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2418-1" "name": "SUSE-SU-2015:0481",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
} },
} {
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1155745",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155745"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
},
{
"name": "RHSA-2015:0115",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0115.html"
}
]
}
}

120
2014/6xxx/CVE-2014-6326.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-6326", "ID": "CVE-2014-6326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"OWA XSS Vulnerability,\" a different vulnerability than CVE-2014-6325."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS14-075", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"OWA XSS Vulnerability,\" a different vulnerability than CVE-2014-6325."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-075",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075"
}
]
}
}

130
2014/6xxx/CVE-2014-6385.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6385", "ID": "CVE-2014-6385",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R2, and 14.2 before 14.2R1 allows remote attackers to cause a denial of service (kernel crash and restart) via a crafted fragmented OSPFv3 packet with an IPsec Authentication Header (AH)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10668", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10668" "lang": "eng",
}, "value": "Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R2, and 14.2 before 14.2R1 allows remote attackers to cause a denial of service (kernel crash and restart) via a crafted fragmented OSPFv3 packet with an IPsec Authentication Header (AH)."
{ }
"name" : "72072", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/72072" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72072"
},
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10668",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10668"
}
]
}
}

130
2014/6xxx/CVE-2014-6546.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-6546", "ID": "CVE-2014-6546",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
{ }
"name" : "70453", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/70453" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70453"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}
}

140
2014/6xxx/CVE-2014-6728.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6728", "ID": "CVE-2014-6728",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ThinkPal (aka com.mythinkpalapp) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The ThinkPal (aka com.mythinkpalapp) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#855473", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/855473" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#855473",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/855473"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

210
2014/7xxx/CVE-2014-7154.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7154", "ID": "CVE-2014-7154",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://xenbits.xen.org/xsa/advisory-104.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://xenbits.xen.org/xsa/advisory-104.html" "lang": "eng",
}, "value": "Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors."
{ }
"name" : "DSA-3041", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2014/dsa-3041" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2014-12000", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2014-12036", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html" ]
}, },
{ "references": {
"name" : "GLSA-201412-42", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201412-42.xml" "name": "61501",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/61501"
"name" : "openSUSE-SU-2014:1279", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" "name": "openSUSE-SU-2014:1281",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
"name" : "openSUSE-SU-2014:1281", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" "name": "FEDORA-2014-12000",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html"
"name" : "1030887", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030887" "name": "openSUSE-SU-2014:1279",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
"name" : "61501", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61501" "name": "FEDORA-2014-12036",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html"
"name" : "61890", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61890" "name": "DSA-3041",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2014/dsa-3041"
} },
} {
"name": "http://xenbits.xen.org/xsa/advisory-104.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-104.html"
},
{
"name": "61890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61890"
},
{
"name": "GLSA-201412-42",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-42.xml"
},
{
"name": "1030887",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030887"
}
]
}
}

140
2014/7xxx/CVE-2014-7509.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7509", "ID": "CVE-2014-7509",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The A Very Short History of Japan (aka com.ireadercity.c51) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The A Very Short History of Japan (aka com.ireadercity.c51) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#507697", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/507697" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#507697",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/507697"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7770.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7770", "ID": "CVE-2014-7770",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#205769", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/205769" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#205769",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/205769"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

160
2014/8xxx/CVE-2014-8034.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-8034", "ID": "CVE-2014-8034",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36990", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36990" "lang": "eng",
}, "value": "Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321."
{ }
"name" : "20150109 Cisco WebEx Meetings Server User Enumeration Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8034" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "71978", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71978" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1031543", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1031543" ]
}, },
{ "references": {
"name" : "cisco-webex-cve20148034-info-disc(100552)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100552" "name": "20150109 Cisco WebEx Meetings Server User Enumeration Vulnerability",
} "refsource": "CISCO",
] "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8034"
} },
} {
"name": "cisco-webex-cve20148034-info-disc(100552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100552"
},
{
"name": "71978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71978"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36990",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36990"
},
{
"name": "1031543",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031543"
}
]
}
}

230
2016/2xxx/CVE-2016-2561.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2561", "ID": "CVE-2016-2561",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page."
{ }
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef" ]
}, },
{ "references": {
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b" "name": "FEDORA-2016-65da02b95c",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html"
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e" "name": "https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef"
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-12/", },
"refsource" : "CONFIRM", {
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-12/" "name": "https://www.phpmyadmin.net/security/PMASA-2016-12/",
}, "refsource": "CONFIRM",
{ "url": "https://www.phpmyadmin.net/security/PMASA-2016-12/"
"name" : "DSA-3627", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3627" "name": "https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e"
"name" : "FEDORA-2016-65da02b95c", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html" "name": "DSA-3627",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3627"
"name" : "FEDORA-2016-02ee5b4002", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html" "name": "https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775"
"name" : "openSUSE-SU-2016:0663", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html" "name": "https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372"
"name" : "openSUSE-SU-2016:0666", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html" "name": "FEDORA-2016-02ee5b4002",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html"
} },
} {
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f"
},
{
"name": "openSUSE-SU-2016:0666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html"
},
{
"name": "openSUSE-SU-2016:0663",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html"
}
]
}
}

34
2016/2xxx/CVE-2016-2626.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2626", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2626",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

160
2016/2xxx/CVE-2016-2860.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2860", "ID": "CVE-2016-2860",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html" "lang": "eng",
}, "value": "The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID."
{ }
"name" : "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0", ]
"refsource" : "CONFIRM", },
"url" : "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17", ]
"refsource" : "CONFIRM", }
"url" : "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17" ]
}, },
{ "references": {
"name" : "DSA-3569", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3569" "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt",
} "refsource": "CONFIRM",
] "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt"
} },
} {
"name": "DSA-3569",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3569"
},
{
"name": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
},
{
"name": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0",
"refsource": "CONFIRM",
"url": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0"
},
{
"name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
"refsource": "MLIST",
"url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
}
]
}
}

120
2016/2xxx/CVE-2016-2988.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-2988", "ID": "CVE-2016-2988",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988781", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988781" "lang": "eng",
} "value": "IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988781",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988781"
}
]
}
}

120
2016/6xxx/CVE-2016-6184.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6184", "ID": "CVE-2016-6184",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6183."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en" "lang": "eng",
} "value": "The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6183."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en"
}
]
}
}

170
2017/18xxx/CVE-2017-18043.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18043", "ID": "CVE-2017-18043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20180119 CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2018/01/19/1" "lang": "eng",
}, "value": "Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash)."
{ }
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-4213", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2018/dsa-4213" ]
}, },
{ "references": {
"name" : "USN-3575-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3575-1/" "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"name" : "102759", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102759" "name": "DSA-4213",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4213"
} },
} {
"name": "[oss-security] 20180119 CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/01/19/1"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854"
},
{
"name": "102759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102759"
}
]
}
}

132
2017/18xxx/CVE-2017-18142.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2017-18142", "ID": "CVE-2017-18142",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Mobile", "product_name": "Snapdragon Mobile",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MDM9650, MDM9655, SD 835, SD 845, SD 850" "version_value": "MDM9650, MDM9655, SD 835, SD 845, SD 850"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, while processing the IMS SIP username, a buffer overflow can occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in Data"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
}, "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, while processing the IMS SIP username, a buffer overflow can occur."
{ }
"name" : "103671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

34
2017/1xxx/CVE-2017-1039.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1039", "ID": "CVE-2017-1039",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

230
2017/1xxx/CVE-2017-1140.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2017-1140", "ID": "CVE-2017-1140",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Business Process Manager Advanced", "product_name": "Business Process Manager Advanced",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.0.1" "version_value": "8.0.1"
}, },
{ {
"version_value" : "8.0.1.1" "version_value": "8.0.1.1"
}, },
{ {
"version_value" : "8.0.1.2" "version_value": "8.0.1.2"
}, },
{ {
"version_value" : "8.5" "version_value": "8.5"
}, },
{ {
"version_value" : "8.5.0.1" "version_value": "8.5.0.1"
}, },
{ {
"version_value" : "8.5.5" "version_value": "8.5.5"
}, },
{ {
"version_value" : "8.0.1.3" "version_value": "8.0.1.3"
}, },
{ {
"version_value" : "8.5.6" "version_value": "8.5.6"
}, },
{ {
"version_value" : "8.5.0.2" "version_value": "8.5.0.2"
}, },
{ {
"version_value" : "8.5.7" "version_value": "8.5.7"
}, },
{ {
"version_value" : "8.5.7.CF201609" "version_value": "8.5.7.CF201609"
}, },
{ {
"version_value" : "8.5.6.1" "version_value": "8.5.6.1"
}, },
{ {
"version_value" : "8.5.6.2" "version_value": "8.5.6.2"
}, },
{ {
"version_value" : "8.5.7.CF201606" "version_value": "8.5.7.CF201606"
}, },
{ {
"version_value" : "8.5.7.CF201612" "version_value": "8.5.7.CF201612"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121905", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121905" "lang": "eng",
}, "value": "IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21999133", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21999133" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97322", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97322" "lang": "eng",
} "value": "Cross-Site Scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121905",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121905"
},
{
"name": "97322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97322"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21999133",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21999133"
}
]
}
}

172
2017/1xxx/CVE-2017-1733.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2017-1733", "ID": "CVE-2017-1733",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Security QRadar SIEM", "product_name": "Security QRadar SIEM",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.3" "version_value": "7.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "L",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "4.000",
"UI" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134914", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134914" "lang": "eng",
}, "value": "IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22015243", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015243" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "103736", "A": "N",
"refsource" : "BID", "AC": "L",
"url" : "http://www.securityfocus.com/bid/103736" "AV": "L",
} "C": "L",
] "I": "N",
} "PR": "N",
} "S": "U",
"SCORE": "4.000",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103736"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134914",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134914"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22015243",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22015243"
}
]
}
}

34
2017/5xxx/CVE-2017-5252.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5252", "ID": "CVE-2017-5252",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2017/5xxx/CVE-2017-5495.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5495", "ID": "CVE-2017-5495",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://savannah.nongnu.org/forum/forum.php?forum_id=8783", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://savannah.nongnu.org/forum/forum.php?forum_id=8783" "lang": "eng",
}, "value": "All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10."
{ }
"name" : "https://github.com/freerangerouting/frr/pull/63", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/freerangerouting/frr/pull/63" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2017:0794", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0794.html" ]
}, },
{ "references": {
"name" : "95745", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95745" "name": "RHSA-2017:0794",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html"
"name" : "1037688", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037688" "name": "http://savannah.nongnu.org/forum/forum.php?forum_id=8783",
} "refsource": "CONFIRM",
] "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=8783"
} },
} {
"name": "https://github.com/freerangerouting/frr/pull/63",
"refsource": "CONFIRM",
"url": "https://github.com/freerangerouting/frr/pull/63"
},
{
"name": "1037688",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037688"
},
{
"name": "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html",
"refsource": "CONFIRM",
"url": "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html"
},
{
"name": "95745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95745"
}
]
}
}

130
2017/5xxx/CVE-2017-5501.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5501", "ID": "CVE-2017-5501",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/" "lang": "eng",
}, "value": "Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file."
{ }
"name" : "95666", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95666" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/"
},
{
"name": "95666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95666"
}
]
}
}

200
2017/5xxx/CVE-2017-5581.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5581", "ID": "CVE-2017-5581",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170121 Re: [tigervnc-announce] TigerVNC 1.7.1", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/01/22/1" "lang": "eng",
}, "value": "Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries."
{ }
"name" : "[oss-security] 20170125 Re: [tigervnc-announce] TigerVNC 1.7.1", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2017/01/25/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/TigerVNC/tigervnc/pull/399", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/TigerVNC/tigervnc/pull/399" ]
}, },
{ "references": {
"name" : "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1" "name": "[oss-security] 20170121 Re: [tigervnc-announce] TigerVNC 1.7.1",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2017/01/22/1"
"name" : "GLSA-201702-19", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201702-19" "name": "RHSA-2017:0630",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2017-0630.html"
"name" : "RHSA-2017:0630", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0630.html" "name": "RHSA-2017:2000",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2000"
"name" : "RHSA-2017:2000", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2000" "name": "GLSA-201702-19",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201702-19"
"name" : "95789", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95789" "name": "https://github.com/TigerVNC/tigervnc/pull/399",
} "refsource": "CONFIRM",
] "url": "https://github.com/TigerVNC/tigervnc/pull/399"
} },
} {
"name": "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba",
"refsource": "CONFIRM",
"url": "https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba"
},
{
"name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1",
"refsource": "CONFIRM",
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1"
},
{
"name": "[oss-security] 20170125 Re: [tigervnc-announce] TigerVNC 1.7.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/6"
},
{
"name": "95789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95789"
}
]
}
}

130
2017/5xxx/CVE-2017-5666.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5666", "ID": "CVE-2017-5666",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/" "lang": "eng",
}, "value": "The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file."
{ }
"name" : "95908", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95908" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/"
},
{
"name": "95908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95908"
}
]
}
}