"-Synchronized-Data."

CVE Team 2019-03-18 01:21:46 +00:00
parent 0941378d95
commit 72d5115127
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3715 additions and 3715 deletions


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2410",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060512 Multiple vulnerabilities in Raydium rev 309",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433930/100/0/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/raydiumx-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/raydiumx-adv.txt"
},
{
"name" : "17986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17986"
},
{
"name" : "ADV-2006-1808",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1808"
},
{
"name" : "20097",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20097"
},
{
"name" : "900",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/900"
},
{
"name" : "raydium-raydiumnetworknetcallexec-dos(26515)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26515"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17986"
},
{
"name": "20097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20097"
},
{
"name": "ADV-2006-1808",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1808"
},
{
"name": "http://aluigi.altervista.org/adv/raydiumx-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/raydiumx-adv.txt"
},
{
"name": "raydium-raydiumnetworknetcallexec-dos(26515)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26515"
},
{
"name": "20060512 Multiple vulnerabilities in Raydium rev 309",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433930/100/0/threaded"
},
{
"name": "900",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/900"
}
]
}
}
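Review bot: The `reference_data` array in this section comes out in a different element order than before, and no sort key is apparent in the new order (BID, SECUNIA, VUPEN, MISC, XF, BUGTRAQ, SREASON), so the whole file body is rewritten for what is otherwise only a `" : "` to `": "` spacing change. The same reordering shows in the CVE-2006-3020, CVE-2006-3027, CVE-2006-3291, CVE-2006-4525, CVE-2006-6027, CVE-2006-6193 and CVE-2006-6223 sections. If the export does not guarantee an order, emitting the references sorted on a fixed key such as `refsource` then `name` would keep later syncs to minimal diffs. That matters when reviewing this feed: amid the same churn, the CVE-2006-6505 section further down appears to change `ASSIGNER` from `cve@mitre.org` to `secalert@redhat.com`, a content change that is easy to miss among 3715 reformatted lines.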


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) image and (2) PublisedDate parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/ws-album-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/ws-album-xss-vuln.html"
},
{
"name" : "20060615 WS-Album - \"PublisedDate\" is correct, source verify, new vector",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-June/000860.html"
},
{
"name" : "ADV-2006-2299",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2299"
},
{
"name" : "20537",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20537"
},
{
"name" : "ws-album-fullphoto-xss(27056)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27056"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) image and (2) PublisedDate parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20537"
},
{
"name": "ADV-2006-2299",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2299"
},
{
"name": "http://pridels0.blogspot.com/2006/06/ws-album-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/ws-album-xss-vuln.html"
},
{
"name": "ws-album-fullphoto-xss(27056)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27056"
},
{
"name": "20060615 WS-Album - \"PublisedDate\" is correct, source verify, new vector",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-June/000860.html"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/ephotos-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/ephotos-vuln.html"
},
{
"name" : "2986",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2986"
},
{
"name" : "21742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21742"
},
{
"name" : "ADV-2006-2316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2316"
},
{
"name" : "ADV-2006-5160",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5160"
},
{
"name" : "26365",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26365"
},
{
"name" : "26366",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26366"
},
{
"name" : "26367",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26367"
},
{
"name" : "20609",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20609"
},
{
"name" : "23525",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23525"
},
{
"name" : "ephotos-multiple-script-sql-injection(27035)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27035"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2316"
},
{
"name": "21742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21742"
},
{
"name": "ADV-2006-5160",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5160"
},
{
"name": "ephotos-multiple-script-sql-injection(27035)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27035"
},
{
"name": "http://pridels0.blogspot.com/2006/06/ephotos-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/ephotos-vuln.html"
},
{
"name": "23525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23525"
},
{
"name": "26366",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26366"
},
{
"name": "2986",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2986"
},
{
"name": "26365",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26365"
},
{
"name": "26367",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26367"
},
{
"name": "20609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20609"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3291",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the \"Local User List Only (Individual Passwords)\" setting, which removes all security and password configurations and allows remote attackers to access the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060628 Access Point Web-browser Interface Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml"
},
{
"name" : "VU#544484",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/544484"
},
{
"name" : "18704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18704"
},
{
"name" : "ADV-2006-2584",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2584"
},
{
"name" : "26878",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26878"
},
{
"name" : "1016399",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016399"
},
{
"name" : "20860",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20860"
},
{
"name" : "cisco-ap-browser-unauth-access(27437)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27437"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the \"Local User List Only (Individual Passwords)\" setting, which removes all security and password configurations and allows remote attackers to access the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18704"
},
{
"name": "cisco-ap-browser-unauth-access(27437)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27437"
},
{
"name": "20060628 Access Point Web-browser Interface Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml"
},
{
"name": "26878",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26878"
},
{
"name": "1016399",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016399"
},
{
"name": "ADV-2006-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2584"
},
{
"name": "VU#544484",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/544484"
},
{
"name": "20860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20860"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3641",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-3641",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gulftech.org/?node=research&article_id=00111-08282006&",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00111-08282006&"
},
{
"name" : "http://cubecart.com/site/forums/index.php?showtopic=21540",
"refsource" : "CONFIRM",
"url" : "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"name" : "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697",
"refsource" : "CONFIRM",
"url" : "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697"
},
{
"name" : "19782",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19782"
},
{
"name" : "21659",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21659"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697"
},
{
"name": "19782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19782"
},
{
"name": "http://cubecart.com/site/forums/index.php?showtopic=21540",
"refsource": "CONFIRM",
"url": "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00111-08282006&",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00111-08282006&"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061205 eEye's Zero-Day Tracker Launch",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453579/100/0/threaded"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/21155-AcroPDF_DoS.html",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/21155-AcroPDF_DoS.html"
},
{
"name" : "http://research.eeye.com/html/alerts/zeroday/20061128.html",
"refsource" : "MISC",
"url" : "http://research.eeye.com/html/alerts/zeroday/20061128.html"
},
{
"name" : "http://www.adobe.com/support/security/advisories/apsa06-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/advisories/apsa06-02.html"
},
{
"name" : "VU#198908",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/198908"
},
{
"name" : "21155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21155"
},
{
"name" : "ADV-2006-4751",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4751"
},
{
"name" : "1017297",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017297"
},
{
"name" : "23138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23138"
},
{
"name" : "adobe-acrobat-acropdf-code-execution(30574)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30574"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://research.eeye.com/html/alerts/zeroday/20061128.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/alerts/zeroday/20061128.html"
},
{
"name": "ADV-2006-4751",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4751"
},
{
"name": "23138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23138"
},
{
"name": "VU#198908",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/198908"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/21155-AcroPDF_DoS.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/21155-AcroPDF_DoS.html"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa06-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa06-02.html"
},
{
"name": "adobe-acrobat-acropdf-code-execution(30574)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30574"
},
{
"name": "1017297",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017297"
},
{
"name": "20061205 eEye's Zero-Day Tracker Launch",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453579/100/0/threaded"
},
{
"name": "21155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21155"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2848",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2848"
},
{
"name" : "21293",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21293"
},
{
"name" : "ADV-2006-4703",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4703"
},
{
"name" : "23102",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23102"
},
{
"name" : "basicforum-edit-sql-injection(30487)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30487"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23102",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23102"
},
{
"name": "21293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21293"
},
{
"name": "ADV-2006-4703",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4703"
},
{
"name": "basicforum-edit-sql-injection(30487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30487"
},
{
"name": "2848",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2848"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6223",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sla.ckers.org/forum/read.php?3,3109",
"refsource" : "MISC",
"url" : "http://sla.ckers.org/forum/read.php?3,3109"
},
{
"name" : "VU#989144",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/989144"
},
{
"name" : "21438",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21438"
},
{
"name" : "ADV-2006-4789",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4789"
},
{
"name" : "1017317",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017317"
},
{
"name" : "23239",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23239"
},
{
"name" : "googlesearch-utf7-xss(30647)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30647"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017317",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017317"
},
{
"name": "googlesearch-utf7-xss(30647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30647"
},
{
"name": "http://sla.ckers.org/forum/read.php?3,3109",
"refsource": "MISC",
"url": "http://sla.ckers.org/forum/read.php?3,3109"
},
{
"name": "23239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23239"
},
{
"name": "VU#989144",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/989144"
},
{
"name": "ADV-2006-4789",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4789"
},
{
"name": "21438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21438"
}
]
}
}


@ -1,262 +1,262 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6505",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-6505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070102 rPSA-2006-0234-2 firefox thunderbird",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455728/100/200/threaded"
},
{
"name" : "20061222 rPSA-2006-0234-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455145/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-74.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-74.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-883",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-883"
},
{
"name" : "DSA-1265",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1265"
},
{
"name" : "FEDORA-2006-1491",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/cms/node/2297"
},
{
"name" : "FEDORA-2007-004",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/cms/node/2338"
},
{
"name" : "GLSA-200701-03",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml"
},
{
"name" : "GLSA-200701-04",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"
},
{
"name" : "MDKSA-2007:011",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:011"
},
{
"name" : "RHSA-2006:0759",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0759.html"
},
{
"name" : "RHSA-2006:0760",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0760.html"
},
{
"name" : "20061202-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"
},
{
"name" : "102800",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102800-1"
},
{
"name" : "SUSE-SA:2006:080",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"
},
{
"name" : "SUSE-SA:2007:006",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"
},
{
"name" : "USN-400-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-400-1"
},
{
"name" : "TA06-354A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"
},
{
"name" : "VU#887332",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/887332"
},
{
"name" : "21668",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21668"
},
{
"name" : "oval:org.mitre.oval:def:11565",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11565"
},
{
"name" : "ADV-2006-5068",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5068"
},
{
"name" : "ADV-2007-0573",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0573"
},
{
"name" : "ADV-2008-0083",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name" : "1017419",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017419"
},
{
"name" : "1017420",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017420"
},
{
"name" : "23433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23433"
},
{
"name" : "23439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23439"
},
{
"name" : "23420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23420"
},
{
"name" : "23422",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23422"
},
{
"name" : "23468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23468"
},
{
"name" : "23514",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23514"
},
{
"name" : "23601",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23601"
},
{
"name" : "23545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23545"
},
{
"name" : "23591",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23591"
},
{
"name" : "23598",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23598"
},
{
"name" : "23618",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23618"
},
{
"name" : "23692",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23692"
},
{
"name" : "23672",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23672"
},
{
"name" : "24108",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24108"
},
{
"name" : "24390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24390"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102800",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102800-1"
},
{
"name": "21668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21668"
},
{
"name": "23433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23433"
},
{
"name": "23439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23439"
},
{
"name": "23672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23672"
},
{
"name": "ADV-2006-5068",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5068"
},
{
"name": "23468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23468"
},
{
"name": "23598",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23598"
},
{
"name": "DSA-1265",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1265"
},
{
"name": "23692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23692"
},
{
"name": "1017420",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017420"
},
{
"name": "GLSA-200701-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"
},
{
"name": "24390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24390"
},
{
"name": "FEDORA-2006-1491",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2297"
},
{
"name": "23422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23422"
},
{
"name": "23591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23591"
},
{
"name": "RHSA-2006:0759",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html"
},
{
"name": "VU#887332",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/887332"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "FEDORA-2007-004",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2338"
},
{
"name": "24108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24108"
},
{
"name": "23420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23420"
},
{
"name": "20061202-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"
},
{
"name": "ADV-2007-0573",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0573"
},
{
"name": "SUSE-SA:2006:080",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"
},
{
"name": "20061222 rPSA-2006-0234-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded"
},
{
"name": "23545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23545"
},
{
"name": "23618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23618"
},
{
"name": "GLSA-200701-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml"
},
{
"name": "TA06-354A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-74.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-74.html"
},
{
"name": "oval:org.mitre.oval:def:11565",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11565"
},
{
"name": "https://issues.rpath.com/browse/RPL-883",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-883"
},
{
"name": "20070102 rPSA-2006-0234-2 firefox thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded"
},
{
"name": "1017419",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017419"
},
{
"name": "SUSE-SA:2007:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"
},
{
"name": "23601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23601"
},
{
"name": "MDKSA-2007:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:011"
},
{
"name": "23514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23514"
},
{
"name": "RHSA-2006:0760",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html"
},
{
"name": "USN-400-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-400-1"
}
]
}
}
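Review bot: The new-side description for CVE-2006-6505 still reads `external message modies`, which looks like a typo for `external message bodies` and is carried over unchanged by this sync; confirm the wording against the Mozilla advisory listed as CONFIRM. Separately, the one semantic change in this section, `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org`, is hard to spot because every line is also re-spaced and `reference_data` is re-ordered with no sort key that is apparent from the page. The same applies to the ASSIGNER changes in the CVE-2010-2871 and CVE-2011-0795 sections. A stable ordering of `reference_data` (for example by `refsource`, then `name`) would keep later syncs reviewable and make an unexpected change of assigner or reference URL stand out.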


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/102605",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/102605"
},
{
"name" : "ADV-2006-4941",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4941"
},
{
"name" : "23295",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23295"
},
{
"name" : "drupal-help-unspecified-sql-injection(30809)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4941",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4941"
},
{
"name": "23295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23295"
},
{
"name": "http://drupal.org/node/102605",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/102605"
},
{
"name": "drupal-help-unspecified-sql-injection(30809)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30809"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6907",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource" : "MISC",
"url" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name" : "37591",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37591"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "37591",
"refsource": "OSVDB",
"url": "http://osvdb.org/37591"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.com/1006-exploits/2daybiztshirt-sql.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1006-exploits/2daybiztshirt-sql.txt"
},
{
"name" : "65827",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65827"
},
{
"name" : "40362",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40362"
},
{
"name" : "customtshirt-comments-xss(59791)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65827",
"refsource": "OSVDB",
"url": "http://osvdb.org/65827"
},
{
"name": "http://www.packetstormsecurity.com/1006-exploits/2daybiztshirt-sql.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1006-exploits/2daybiztshirt-sql.txt"
},
{
"name": "customtshirt-comments-xss(59791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59791"
},
{
"name": "40362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40362"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2871",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100824 ZDI-10-160: Adobe Shockwave Player Director File FFFFFF45 Record Processing Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513305/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-160",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-160"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name" : "oval:org.mitre.oval:def:11970",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11970"
},
{
"name" : "1024361",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024361"
},
{
"name" : "ADV-2010-2176",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "20100824 ZDI-10-160: Adobe Shockwave Player Director File FFFFFF45 Record Processing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513305/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-160",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-160"
},
{
"name": "oval:org.mitre.oval:def:11970",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11970"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15988",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15988"
},
{
"name" : "VU#782567",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/782567"
},
{
"name" : "45803",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45803"
},
{
"name" : "70424",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70424"
},
{
"name" : "42901",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42901"
},
{
"name" : "ADV-2011-0127",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0127"
},
{
"name" : "objectivity-operations-sec-bypass(64699)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64699"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42901",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42901"
},
{
"name": "15988",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15988"
},
{
"name": "objectivity-operations-sec-bypass(64699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64699"
},
{
"name": "70424",
"refsource": "OSVDB",
"url": "http://osvdb.org/70424"
},
{
"name": "VU#782567",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/782567"
},
{
"name": "45803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45803"
},
{
"name": "ADV-2011-0127",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0127"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0795",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and Monitoring."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and Monitoring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0992",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource" : "MLIST",
"url" : "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name" : "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name" : "http://www.mono-project.com/Vulnerabilities",
"refsource" : "CONFIRM",
"url" : "http://www.mono-project.com/Vulnerabilities"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=678515",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=694933",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"name" : "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91",
"refsource" : "CONFIRM",
"url" : "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"name" : "47208",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47208"
},
{
"name" : "44002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44002"
},
{
"name" : "44076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44076"
},
{
"name" : "ADV-2011-0904",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name" : "momo-monothread-info-disclosure(66627)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "momo-monothread-info-disclosure(66627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=678515",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694933",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"name": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21462438",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21462438"
},
{
"name" : "46432",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46432"
},
{
"name" : "43347",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43347"
},
{
"name" : "ADV-2011-0423",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0423"
},
{
"name" : "ibm-filenet-contentengine-sec-bypass(65448)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65448"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-filenet-contentengine-sec-bypass(65448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65448"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21462438",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21462438"
},
{
"name": "46432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46432"
},
{
"name": "ADV-2011-0423",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0423"
},
{
"name": "43347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43347"
}
]
}
}
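Review bot: The second printed copy of `reference_data` follows no visible sort key (XF, CONFIRM, BID, VUPEN, SECUNIA), while the first copy appears grouped by `refsource`; no entry is added or removed, so the reshuffle is pure diff noise. The +/- markers are lost on this page, so the second copy (with `"key":` spacing) is presumed to be the new side. The same reordering shows up in the sections for CVE-2011-1404, CVE-2011-1572, CVE-2011-1798, CVE-2011-3137, CVE-2011-4213, CVE-2013-5654 and CVE-2014-2328. The exporter should emit the array in a stable order, for example sorted by `refsource`, then `name`, then `url`, so that a real reference change is not buried among moved lines and byte-level comparisons of records stay meaningful.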


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.net/mahara/+bug/772140",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/mahara/+bug/772140"
},
{
"name" : "https://launchpad.net/mahara/+bug/772160",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/mahara/+bug/772160"
},
{
"name" : "https://launchpad.net/mahara/+bug/772174",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/mahara/+bug/772174"
},
{
"name" : "https://launchpad.net/mahara/+bug/772179",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/mahara/+bug/772179"
},
{
"name" : "https://launchpad.net/mahara/+milestone/1.3.6",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/mahara/+milestone/1.3.6"
},
{
"name" : "DSA-2246",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2246"
},
{
"name" : "47798",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47798"
},
{
"name" : "44433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44433"
},
{
"name" : "mahara-viewtasksjson-sec-bypass(67395)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67395"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/mahara/+milestone/1.3.6",
"refsource": "CONFIRM",
"url": "https://launchpad.net/mahara/+milestone/1.3.6"
},
{
"name": "https://launchpad.net/mahara/+bug/772179",
"refsource": "CONFIRM",
"url": "https://launchpad.net/mahara/+bug/772179"
},
{
"name": "mahara-viewtasksjson-sec-bypass(67395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67395"
},
{
"name": "https://launchpad.net/mahara/+bug/772140",
"refsource": "CONFIRM",
"url": "https://launchpad.net/mahara/+bug/772140"
},
{
"name": "47798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47798"
},
{
"name": "44433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44433"
},
{
"name": "https://launchpad.net/mahara/+bug/772174",
"refsource": "CONFIRM",
"url": "https://launchpad.net/mahara/+bug/772174"
},
{
"name": "https://launchpad.net/mahara/+bug/772160",
"refsource": "CONFIRM",
"url": "https://launchpad.net/mahara/+bug/772160"
},
{
"name": "DSA-2246",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2246"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110409 CVE id request: gitolite",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2011/q2/197"
},
{
"name" : "[oss-security] 20110411 Re: CVE id request: gitolite",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2011/q2/209"
},
{
"name" : "http://groups.google.com/group/gitolite/browse_thread/thread/797a93ec26e1dcbc?pli=1",
"refsource" : "CONFIRM",
"url" : "http://groups.google.com/group/gitolite/browse_thread/thread/797a93ec26e1dcbc?pli=1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=695568",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=695568"
},
{
"name" : "https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc",
"refsource" : "CONFIRM",
"url" : "https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc"
},
{
"name" : "DSA-2215",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2215"
},
{
"name" : "46473",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46473"
},
{
"name" : "gitolite-adc-security-bypass(65542)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65542"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://groups.google.com/group/gitolite/browse_thread/thread/797a93ec26e1dcbc?pli=1",
"refsource": "CONFIRM",
"url": "http://groups.google.com/group/gitolite/browse_thread/thread/797a93ec26e1dcbc?pli=1"
},
{
"name": "[oss-security] 20110411 Re: CVE id request: gitolite",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2011/q2/209"
},
{
"name": "https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc",
"refsource": "CONFIRM",
"url": "https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc"
},
{
"name": "DSA-2215",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2215"
},
{
"name": "[oss-security] 20110409 CVE id request: gitolite",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2011/q2/197"
},
{
"name": "46473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46473"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=695568",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695568"
},
{
"name": "gitolite-adc-security-bypass(65542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65542"
}
]
}
}
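Review bot: The `ASSIGNER` value in `CVE_data_meta` differs between the two printed copies, `cve@mitre.org` in the first and `secalert@redhat.com` in the second, and it is the only content change in this section besides spacing and reference order. The +/- markers are lost on this page, so which copy is new is inferred from the `"key":` spacing. The same kind of change appears for CVE-2011-1798 (`security@google.com`) and CVE-2011-4525 (`cert@cert.org`). Tools that use `ASSIGNER` to attribute a record to a CNA will see the provenance of years-old records change under a commit whose description says only "Synchronized-Data". The description should list the records whose `ASSIGNER` changed, or the reformatting should land separately so attribution changes can be reviewed on their own.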


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown other impact via a crafted text element in an SVG document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-1798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://crbug.com/79595",
"refsource" : "CONFIRM",
"url" : "http://crbug.com/79595"
},
{
"name" : "http://launchpad.net/bugs/778822",
"refsource" : "CONFIRM",
"url" : "http://launchpad.net/bugs/778822"
},
{
"name" : "http://trac.webkit.org/changeset/84085",
"refsource" : "CONFIRM",
"url" : "http://trac.webkit.org/changeset/84085"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown other impact via a crafted text element in an SVG document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://crbug.com/79595",
"refsource": "CONFIRM",
"url": "http://crbug.com/79595"
},
{
"name": "http://trac.webkit.org/changeset/84085",
"refsource": "CONFIRM",
"url": "http://trac.webkit.org/changeset/84085"
},
{
"name": "http://launchpad.net/bugs/778822",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/778822"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03050."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029497",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029497"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029498",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029498"
},
{
"name" : "IV03050",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV03050"
},
{
"name" : "45555",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45555"
},
{
"name" : "ibm-tfim-console-unspecified(69204)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69204"
},
{
"name" : "ibm-tfim-unspecified(69203)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69203"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03050."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV03050",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV03050"
},
{
"name": "45555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45555"
},
{
"name": "ibm-tfim-console-unspecified(69204)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69204"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029498",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029498"
},
{
"name": "ibm-tfim-unspecified(69203)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69203"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029497",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029497"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sitewat.ch/en/Advisories/11",
"refsource" : "MISC",
"url" : "https://sitewat.ch/en/Advisories/11"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sitewat.ch/en/Advisories/11",
"refsource": "MISC",
"url": "https://sitewat.ch/en/Advisories/11"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.watchfire.com/files/googleappenginesdk.pdf",
"refsource" : "MISC",
"url" : "http://blog.watchfire.com/files/googleappenginesdk.pdf"
},
{
"name" : "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes",
"refsource" : "MISC",
"url" : "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"
},
{
"name" : "google-apps-osmodule-priv-esc(71062)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71062"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes",
"refsource": "MISC",
"url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"
},
{
"name": "http://blog.watchfire.com/files/googleappenginesdk.pdf",
"refsource": "MISC",
"url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"
},
{
"name": "google-apps-osmodule-priv-esc(71062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71062"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf"
},
{
"name" : "52051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52051"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf"
},
{
"name": "52051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52051"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4916",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4916",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4995",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4995",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}
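Review bot: The second copy of this record puts `"data_type"`, `"data_format"` and `"data_version"` before `"CVE_data_meta"`, and `"ID"` before `"ASSIGNER"`, whereas every other record on this page keeps `"CVE_data_meta"` first with its keys in alphabetical order. Key order does not matter to a JSON parser, but mixed serializations in one repository produce spurious diffs and break any check that compares or hashes records as text. The record should be written in the same order as its neighbours: `"CVE_data_meta"` (`"ASSIGNER"`, `"ID"`, `"STATE"`), then `"data_format"`, `"data_type"`, `"data_version"`, then `"description"`. Which copy is the new side is inferred from the `"key":` spacing, since the +/- markers are lost here.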


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5242",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5242",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "larry0@me.com",
"DATE_ASSIGNED" : "2014-05-14",
"ID" : "CVE-2013-5654",
"REQUESTER" : "cve-assign@mitre.org",
"STATE" : "PUBLIC",
"UPDATED" : "2019-02-13T14:41Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "YingZhi Python Programming Language",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "1.9"
}
]
}
}
]
},
"vendor_name" : "YingZhi"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary file upload vulnerability in YingZhi Python Programming Language for iOS"
}
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2014-05-14",
"ID": "CVE-2013-5654",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-13T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "YingZhi Python Programming Language",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.9"
}
]
}
}
]
},
"vendor_name": "YingZhi"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744",
"refsource" : "MISC",
"url" : "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744"
},
{
"name" : "http://www.vapidlabs.com/advisory.php?v=94",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=94"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload vulnerability in YingZhi Python Programming Language for iOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=94",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=94"
},
{
"name": "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744",
"refsource": "MISC",
"url": "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744"
}
]
}
}
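Review bot: The description names only `v1.9`, while `affects` encodes `"version_affected": "<="` with `"version_value": "1.9"`, so a scanner matching on the structured data and an analyst reading the text get different affected ranges. Both printed copies carry the mismatch, so this sync leaves it in place. If the structured range is right, the description should read `... Python Programming Language v1.9 and earlier allows ...`. If only 1.9 is affected, `version_affected` should be `"="`.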


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/531588"
},
{
"name" : "http://bugs.cacti.net/view.php?id=2433",
"refsource" : "CONFIRM",
"url" : "http://bugs.cacti.net/view.php?id=2433"
},
{
"name" : "http://svn.cacti.net/viewvc?view=rev&revision=7442",
"refsource" : "CONFIRM",
"url" : "http://svn.cacti.net/viewvc?view=rev&revision=7442"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768"
},
{
"name" : "DSA-2970",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2970"
},
{
"name" : "FEDORA-2014-4892",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html"
},
{
"name" : "FEDORA-2014-4928",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html"
},
{
"name" : "GLSA-201509-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201509-03"
},
{
"name" : "openSUSE-SU-2015:0479",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html"
},
{
"name" : "66387",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66387"
},
{
"name" : "59203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59203"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-4928",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html"
},
{
"name": "http://bugs.cacti.net/view.php?id=2433",
"refsource": "CONFIRM",
"url": "http://bugs.cacti.net/view.php?id=2433"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768"
},
{
"name": "http://svn.cacti.net/viewvc?view=rev&revision=7442",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc?view=rev&revision=7442"
},
{
"name": "20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531588"
},
{
"name": "59203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59203"
},
{
"name": "openSUSE-SU-2015:0479",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html"
},
{
"name": "FEDORA-2014-4892",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html"
},
{
"name": "DSA-2970",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2970"
},
{
"name": "GLSA-201509-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-03"
},
{
"name": "66387",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66387"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an \"xmppbomb\" attack, related to core/portmanager.lua and util/xmppstream.lua."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-2745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/04/07/7"
},
{
"name" : "[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/04/09/1"
},
{
"name" : "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/",
"refsource" : "MISC",
"url" : "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/"
},
{
"name" : "http://blog.prosody.im/prosody-0-9-4-released/",
"refsource" : "CONFIRM",
"url" : "http://blog.prosody.im/prosody-0-9-4-released/"
},
{
"name" : "http://hg.prosody.im/0.9/rev/1107d66d2ab2",
"refsource" : "CONFIRM",
"url" : "http://hg.prosody.im/0.9/rev/1107d66d2ab2"
},
{
"name" : "http://hg.prosody.im/0.9/rev/a97591d2e1ad",
"refsource" : "CONFIRM",
"url" : "http://hg.prosody.im/0.9/rev/a97591d2e1ad"
},
{
"name" : "DSA-2895",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2895"
},
{
"name" : "57710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57710"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an \"xmppbomb\" attack, related to core/portmanager.lua and util/xmppstream.lua."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/",
"refsource": "MISC",
"url": "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/"
},
{
"name": "http://hg.prosody.im/0.9/rev/a97591d2e1ad",
"refsource": "CONFIRM",
"url": "http://hg.prosody.im/0.9/rev/a97591d2e1ad"
},
{
"name": "DSA-2895",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2895"
},
{
"name": "57710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57710"
},
{
"name": "http://hg.prosody.im/0.9/rev/1107d66d2ab2",
"refsource": "CONFIRM",
"url": "http://hg.prosody.im/0.9/rev/1107d66d2ab2"
},
{
"name": "http://blog.prosody.im/prosody-0-9-4-released/",
"refsource": "CONFIRM",
"url": "http://blog.prosody.im/prosody-0-9-4-released/"
},
{
"name": "[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/09/1"
},
{
"name": "[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/07/7"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6613",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6613",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6653",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Afghan Radio (aka com.wordbox.afghanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#222577",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/222577"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Afghan Radio (aka com.wordbox.afghanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#222577",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/222577"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6939",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#556625",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/556625"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#556625",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/556625"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Albion College (aka com.vivomobile.albioncollege) application 2.1.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#732185",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/732185"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Albion College (aka com.vivomobile.albioncollege) application 2.1.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#732185",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/732185"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7165",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7165",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The United Hawk Nation (aka com.united12thman) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#545801",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/545801"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The United Hawk Nation (aka com.united12thman) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#545801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545801"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-7894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBHF03279",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
},
{
"name" : "SSRT101690",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
},
{
"name" : "1031840",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031840"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101690",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
},
{
"name": "1031840",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031840"
},
{
"name": "HPSBHF03279",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
}
]
}
}


@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "4.4.4"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "5.1.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "4.4.4"
},
{
"version_value": "5.0.2"
},
{
"version_value": "5.1.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920"
},
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98143",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98143"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920"
},
{
"name": "98143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98143"
}
]
}
}


@ -1,94 +1,94 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-08-07T00:00:00",
"ID" : "CVE-2017-0737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "4.4.4"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "5.1.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-08-07T00:00:00",
"ID": "CVE-2017-0737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "4.4.4"
},
{
"version_value": "5.0.2"
},
{
"version_value": "5.1.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-08-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-08-01"
},
{
"name" : "USN-3692-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3692-2/"
},
{
"name" : "100204",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100204"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100204"
},
{
"name": "USN-3692-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3692-2/"
},
{
"name": "https://source.android.com/security/bulletin/2017-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-08-01"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0966",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0966",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-12-29",
"ID" : "CVE-2017-1000478",
"REQUESTER" : "sajeeb.lohani@bulletproof.sh",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ELabftw",
"version" : {
"version_data" : [
{
"version_value" : "1.7.8"
}
]
}
}
]
},
"vendor_name" : "ELabftw"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000478",
"REQUESTER": "sajeeb.lohani@bulletproof.sh",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/elabftw/elabftw/issues/531",
"refsource" : "MISC",
"url" : "https://github.com/elabftw/elabftw/issues/531"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/elabftw/elabftw/issues/531",
"refsource": "MISC",
"url": "https://github.com/elabftw/elabftw/issues/531"
}
]
}
}
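Review bot: In the CVE-2017-1000478 record, the `": "`-style copy of `affects` and `problemtype` carries `"product_name": "n/a"`, `"version_value": "n/a"`, `"vendor_name": "n/a"` and a problemtype value of `"n/a"`, where the other copy names `ELabftw`, `1.7.8` and `CWE-79`. If the `": "` form is the new side, as the rest of this commit suggests (the +/- markers are lost on this page), the sync drops structured data that the description still states in prose, so consumers that match on vendor/product/version or on CWE will no longer find this entry. I would keep the structured values, e.g. `"product_name": "ELabftw"`, `"version_value": "1.7.8"` and `"value": "CWE-79"`, and limit the change to `ASSIGNER` if that is the intended part of the update.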


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-01-17T00:00:00",
"ID" : "CVE-2017-18033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jira",
"version" : {
"version_data" : [
{
"version_value" : "All versions before 7.6.1"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Request Forgery (CSRF)"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-01-17T00:00:00",
"ID": "CVE-2017-18033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira",
"version": {
"version_data": [
{
"version_value": "All versions before 7.6.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/JRASERVER-66643",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-66643"
},
{
"name" : "102744",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102744"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102744"
},
{
"name": "https://jira.atlassian.com/browse/JRASERVER-66643",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/JRASERVER-66643"
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-05-11T00:00:00",
"ID" : "CVE-2017-18070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable \"event->num_ndp_end_rsp_per_ndi_list\" is very large which can then lead to a heap overwrite of the heap object end_rsp in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Overflow to Buffer Overflow in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-05-11T00:00:00",
"ID": "CVE-2017-18070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2",
"refsource" : "MISC",
"url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable \"event->num_ndp_end_rsp_per_ndi_list\" is very large which can then lead to a heap overwrite of the heap object end_rsp in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow to Buffer Overflow in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2",
"refsource": "MISC",
"url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
]
}
}


@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-13T00:00:00",
"ID" : "CVE-2017-1272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
"version_value" : "10"
},
{
"version_value" : "10.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "3.700",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-13T00:00:00",
"ID": "CVE-2017-1272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Guardium",
"version": {
"version_data": [
{
"version_value": "10"
},
{
"version_value": "10.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731655",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731655"
},
{
"name" : "106237",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106237"
},
{
"name" : "ibm-guardium-cve20171272-info-disc(124747)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124747"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "3.700",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-guardium-cve20171272-info-disc(124747)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124747"
},
{
"name": "106237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106237"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10731655",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731655"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1471",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1471",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-11-29T00:00:00",
"ID" : "CVE-2017-1632",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling File Gateway",
"version" : {
"version_data" : [
{
"version_value" : "2.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-29T00:00:00",
"ID": "CVE-2017-1632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling File Gateway",
"version": {
"version_data": [
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133178",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133178"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22010549",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22010549"
},
{
"name" : "102191",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102191"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010549",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010549"
},
{
"name": "102191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102191"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133178",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133178"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5107",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "User Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/686253",
"refsource" : "MISC",
"url" : "https://crbug.com/686253"
},
{
"name" : "DSA-3926",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3926"
},
{
"name" : "GLSA-201709-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-15"
},
{
"name" : "RHSA-2017:1833",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1833"
},
{
"name" : "99950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99950"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201709-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-15"
},
{
"name": "DSA-3926",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3926"
},
{
"name": "https://crbug.com/686253",
"refsource": "MISC",
"url": "https://crbug.com/686253"
},
{
"name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"
},
{
"name": "99950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99950"
},
{
"name": "RHSA-2017:1833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1833"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"ID" : "CVE-2017-5190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NAM Identity Server and SAML2 Service Provider",
"version" : {
"version_data" : [
{
"version_value" : "NAM Identity Server and SAML2 Service Provider"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information leakage"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2017-5190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAM Identity Server and SAML2 Service Provider",
"version": {
"version_data": [
{
"version_value": "NAM Identity Server and SAML2 Service Provider"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.novell.com/support/kb/doc.php?id=7018792",
"refsource" : "CONFIRM",
"url" : "https://www.novell.com/support/kb/doc.php?id=7018792"
},
{
"name" : "97965",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97965"
},
{
"name" : "1038338",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038338"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7018792",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7018792"
},
{
"name": "97965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97965"
},
{
"name": "1038338",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038338"
}
]
}
}
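Review bot: The `ASSIGNER` for CVE-2017-5190 appears to change from `security@microfocus.com` to `security@suse.com` in this section, while every other line here only changes key spacing. The old and new sides are inferred from the `" : "` versus `": "` style, because the page has lost its +/- markers. The commit message says only "-Synchronized-Data.", so a consumer that attributes or filters records by assigning CNA gets no hint that the provenance of this record moved. I would keep value changes like this in a separate commit from the reformat, or at least name them in the description, e.g. `CVE-2017-5190: ASSIGNER security@microfocus.com -> security@suse.com`.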


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5284",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5284",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-10-04T00:00:00",
"ID" : "CVE-2017-5658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Pony Mail",
"version" : {
"version_data" : [
{
"version_value" : "0.7 to 0.9 (incubating)"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-10-04T00:00:00",
"ID": "CVE-2017-5658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Pony Mail",
"version": {
"version_data": [
{
"version_value": "0.7 to 0.9 (incubating)"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dev] 20181004 [NOTICE] CVE-2017-5658: Derived information disclosure by Apache Pony Mail",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/6a18cf5690d54231836f277f2b4346b53da3b6b6b08fee4c4ef4977e@%3Cdev.ponymail.apache.org%3E"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dev] 20181004 [NOTICE] CVE-2017-5658: Derived information disclosure by Apache Pony Mail",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6a18cf5690d54231836f277f2b4346b53da3b6b6b08fee4c4ef4977e@%3Cdev.ponymail.apache.org%3E"
}
]
}
}