admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:52:55 +00:00
parent 443c6ef499
commit 77d3f68fac
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4243 additions and 4243 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
2006/3xxx/CVE-2006-3198.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3198", "ID": "CVE-2006-3198",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060622 VigilantMinds Advisory: Opera JPEG Processing Integer Overflow Vulnerability (VMSA-20060621-01)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/438074/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended."
{ }
"name" : "http://www.vigilantminds.com/advi_detail.php?id=45", ]
"refsource" : "MISC", },
"url" : "http://www.vigilantminds.com/advi_detail.php?id=45" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SA:2006:038", "description": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_38_opera.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18594", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/18594" ]
}, },
{ "references": {
"name" : "ADV-2006-2491", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2491" "name": "SUSE-SA:2006:038",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_38_opera.html"
"name" : "1016362", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016362" "name": "20897",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20897"
"name" : "20787", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20787" "name": "18594",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18594"
"name" : "20897", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20897" "name": "20060622 VigilantMinds Advisory: Opera JPEG Processing Integer Overflow Vulnerability (VMSA-20060621-01)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/438074/100/0/threaded"
"name" : "1133", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1133" "name": "ADV-2006-2491",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2491"
"name" : "opera-jpeg-bo(27318)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27318" "name": "20787",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20787"
} },
} {
"name": "1133",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1133"
},
{
"name": "1016362",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016362"
},
{
"name": "http://www.vigilantminds.com/advi_detail.php?id=45",
"refsource": "MISC",
"url": "http://www.vigilantminds.com/advi_detail.php?id=45"
},
{
"name": "opera-jpeg-bo(27318)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27318"
}
]
}
}

230
2006/3xxx/CVE-2006-3718.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3718", "ID": "CVE-2006-3718",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17."
{ }
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", ]
"refsource" : "MISC", },
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBMA02133", "description": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT061201", ]
"refsource" : "HP", }
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" ]
}, },
{ "references": {
"name" : "TA06-200A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" "name": "1016529",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016529"
"name" : "19054", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19054" "name": "19054",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19054"
"name" : "ADV-2006-2863", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2863" "name": "oracle-cpu-july-2006(27897)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
"name" : "ADV-2006-2947", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2947" "name": "21165",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21165"
"name" : "1016529", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016529" "name": "HPSBMA02133",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
"name" : "21111", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21111" "name": "ADV-2006-2947",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2947"
"name" : "21165", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21165" "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
}, "refsource": "MISC",
{ "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
"name" : "oracle-cpu-july-2006(27897)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" "name": "SSRT061201",
} "refsource": "HP",
] "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
} },
} {
"name": "TA06-200A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name": "21111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name": "ADV-2006-2863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2863"
}
]
}
}

160
2006/3xxx/CVE-2006-3725.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3725", "ID": "CVE-2006-3725",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\\SYSTEM\\CurrentControlSet\\Services\\SNDSrvc and (2) HKLM\\SYSTEM\\CurrentControlSet\\Services\\SymEvent registry keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060715 Norton Insufficient protection of Norton service registry keys", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440110/100/0/threaded" "lang": "eng",
}, "value": "Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\\SYSTEM\\CurrentControlSet\\Services\\SNDSrvc and (2) HKLM\\SYSTEM\\CurrentControlSet\\Services\\SymEvent registry keys."
{ }
"name" : "http://www.matousec.com/info/advisories/Norton-Insufficient-protection-of-Norton-service-registry-keys.php", ]
"refsource" : "MISC", },
"url" : "http://www.matousec.com/info/advisories/Norton-Insufficient-protection-of-Norton-service-registry-keys.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18995", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18995" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1241", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/1241" ]
}, },
{ "references": {
"name" : "symantec-firewall-registry-dos(27764)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27764" "name": "1241",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/1241"
} },
} {
"name": "symantec-firewall-registry-dos(27764)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27764"
},
{
"name": "http://www.matousec.com/info/advisories/Norton-Insufficient-protection-of-Norton-service-registry-keys.php",
"refsource": "MISC",
"url": "http://www.matousec.com/info/advisories/Norton-Insufficient-protection-of-Norton-service-registry-keys.php"
},
{
"name": "18995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18995"
},
{
"name": "20060715 Norton Insufficient protection of Norton service registry keys",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440110/100/0/threaded"
}
]
}
}

160
2006/4xxx/CVE-2006-4115.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4115", "ID": "CVE-2006-4115",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060809 PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/442684/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter."
{ }
"name" : "19439", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19439" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3240", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3240" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1375", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/1375" ]
}, },
{ "references": {
"name" : "pgmarket-common-file-include(28290)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28290" "name": "19439",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19439"
} },
} {
"name": "1375",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1375"
},
{
"name": "20060809 PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442684/100/0/threaded"
},
{
"name": "ADV-2006-3240",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3240"
},
{
"name": "pgmarket-common-file-include(28290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28290"
}
]
}
}

150
2006/4xxx/CVE-2006-4438.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4438", "ID": "CVE-2006-4438",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060420 Dr.Web 4.33 antivirus LHA long directory name heap overflow", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049552.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name."
{ }
"name" : "20119", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20119" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3719", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3719" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22019", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22019" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20119"
},
{
"name": "22019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22019"
},
{
"name": "ADV-2006-3719",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3719"
},
{
"name": "20060420 Dr.Web 4.33 antivirus LHA long directory name heap overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049552.html"
}
]
}
}

160
2006/4xxx/CVE-2006-4783.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4783", "ID": "CVE-2006-4783",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cms.webspell.org/index.php?site=files&file=11", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cms.webspell.org/index.php?site=files&file=11" "lang": "eng",
}, "value": "SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter."
{ }
"name" : "http://translate.google.com/translate?hl=en&sl=de&u=http://webspell.org/&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3Dwebspell%26hl%3Den%26lr%3D", ]
"refsource" : "CONFIRM", },
"url" : "http://translate.google.com/translate?hl=en&sl=de&u=http://webspell.org/&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3Dwebspell%26hl%3Den%26lr%3D" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3572", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3572" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21881", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21881" ]
}, },
{ "references": {
"name" : "webspell-squads-sql-injection(28898)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28898" "name": "21881",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21881"
} },
} {
"name": "webspell-squads-sql-injection(28898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28898"
},
{
"name": "http://translate.google.com/translate?hl=en&sl=de&u=http://webspell.org/&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3Dwebspell%26hl%3Den%26lr%3D",
"refsource": "CONFIRM",
"url": "http://translate.google.com/translate?hl=en&sl=de&u=http://webspell.org/&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3Dwebspell%26hl%3Den%26lr%3D"
},
{
"name": "ADV-2006-3572",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3572"
},
{
"name": "http://cms.webspell.org/index.php?site=files&file=11",
"refsource": "CONFIRM",
"url": "http://cms.webspell.org/index.php?site=files&file=11"
}
]
}
}

200
2006/4xxx/CVE-2006-4846.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4846", "ID": "CVE-2006-4846",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.citrix.com/article/CTX110439", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.citrix.com/article/CTX110439" "lang": "eng",
}, "value": "Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors."
{ }
"name" : "http://support.citrix.com/article/CTX110950", ]
"refsource" : "CONFIRM", },
"url" : "http://support.citrix.com/article/CTX110950" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#658620", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/658620" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20066", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/20066" ]
}, },
{ "references": {
"name" : "ADV-2006-3643", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3643" "name": "1016874",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016874"
"name" : "28938", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28938" "name": "ADV-2006-3643",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3643"
"name" : "1016874", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016874" "name": "VU#658620",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/658620"
"name" : "21941", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21941" "name": "20066",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20066"
"name" : "citrix-acc-ldap-auth-bypass(28990)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28990" "name": "http://support.citrix.com/article/CTX110950",
} "refsource": "CONFIRM",
] "url": "http://support.citrix.com/article/CTX110950"
} },
} {
"name": "21941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21941"
},
{
"name": "citrix-acc-ldap-auth-bypass(28990)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28990"
},
{
"name": "28938",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28938"
},
{
"name": "http://support.citrix.com/article/CTX110439",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX110439"
}
]
}
}

130
2006/6xxx/CVE-2006-6007.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6007", "ID": "CVE-2006-6007",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061112 Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451411/100/0/threaded" "lang": "eng",
}, "value": "save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter."
{ }
"name" : "1888", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/1888" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1888",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1888"
},
{
"name": "20061112 Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451411/100/0/threaded"
}
]
}
}

160
2006/6xxx/CVE-2006-6034.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6034", "ID": "CVE-2006-6034",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061114 E-commerce Kit 1 PayPal Edition [ injection sql ]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451771/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp."
{ }
"name" : "21056", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21056" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4571", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4571" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22975", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22975" ]
}, },
{ "references": {
"name" : "1900", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1900" "name": "21056",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/21056"
} },
} {
"name": "1900",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1900"
},
{
"name": "22975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22975"
},
{
"name": "ADV-2006-4571",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4571"
},
{
"name": "20061114 E-commerce Kit 1 PayPal Edition [ injection sql ]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451771/100/0/threaded"
}
]
}
}

160
2006/6xxx/CVE-2006-6853.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6853", "ID": "CVE-2006-6853",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3037", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3037" "lang": "eng",
}, "value": "Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002."
{ }
"name" : "3038", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/3038" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21808", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21808" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1017456", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1017456" ]
}, },
{ "references": {
"name" : "durian-web-bo(31161)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31161" "name": "21808",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/21808"
} },
} {
"name": "1017456",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017456"
},
{
"name": "3037",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3037"
},
{
"name": "durian-web-bo(31161)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31161"
},
{
"name": "3038",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3038"
}
]
}
}

140
2006/6xxx/CVE-2006-6938.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6938", "ID": "CVE-2006-6938",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via \"..\" sequences in the root parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2685", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2685" "lang": "eng",
}, "value": "Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via \"..\" sequences in the root parameter."
{ }
"name" : "20810", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20810" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "nitrotech-common-file-include(29904)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29904" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "2685",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2685"
},
{
"name": "nitrotech-common-file-include(29904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29904"
},
{
"name": "20810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20810"
}
]
}
}

190
2010/2xxx/CVE-2010-2058.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2058", "ID": "CVE-2010-2058",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100602 prewikka permission bug", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/06/01/13" "lang": "eng",
}, "value": "setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password."
{ }
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=270056", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=270056" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d", "description": [
"refsource" : "CONFIRM", {
"url" : "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d/diff/setup.py", ]
"refsource" : "CONFIRM", }
"url" : "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d/diff/setup.py" ]
}, },
{ "references": {
"name" : "FEDORA-2009-3789", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00771.html" "name": "GLSA-201101-07",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201101-07.xml"
"name" : "GLSA-201101-07", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201101-07.xml" "name": "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d",
}, "refsource": "CONFIRM",
{ "url": "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d"
"name" : "42820", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42820" "name": "FEDORA-2009-3789",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00771.html"
"name" : "prewikka-setup-information-disclosure(59223)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59223" "name": "[oss-security] 20100602 prewikka permission bug",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2010/06/01/13"
} },
} {
"name": "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d/diff/setup.py",
"refsource": "CONFIRM",
"url": "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d/diff/setup.py"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=270056",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=270056"
},
{
"name": "prewikka-setup-information-disclosure(59223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59223"
},
{
"name": "42820",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42820"
}
]
}
}

200
2010/2xxx/CVE-2010-2152.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2152", "ID": "CVE-2010-2152",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to \"product character attribute processing\" for a document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ipa.go.jp/about/press/20100601.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ipa.go.jp/about/press/20100601.html" "lang": "eng",
}, "value": "Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to \"product character attribute processing\" for a document."
{ }
"name" : "http://www.justsystems.com/jp/info/js10002.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.justsystems.com/jp/info/js10002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVN#17293765", "description": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN17293765/index.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVNDB-2010-000024", ]
"refsource" : "JVNDB", }
"url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000024.html" ]
}, },
{ "references": {
"name" : "40472", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40472" "name": "ichitaro-attributes-code-execution(59037)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59037"
"name" : "65050", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/65050" "name": "40472",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/40472"
"name" : "40008", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40008" "name": "JVN#17293765",
}, "refsource": "JVN",
{ "url": "http://jvn.jp/en/jp/JVN17293765/index.html"
"name" : "ADV-2010-1283", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1283" "name": "ADV-2010-1283",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1283"
"name" : "ichitaro-attributes-code-execution(59037)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59037" "name": "40008",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/40008"
} },
} {
"name": "http://www.justsystems.com/jp/info/js10002.html",
"refsource": "CONFIRM",
"url": "http://www.justsystems.com/jp/info/js10002.html"
},
{
"name": "65050",
"refsource": "OSVDB",
"url": "http://osvdb.org/65050"
},
{
"name": "JVNDB-2010-000024",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000024.html"
},
{
"name": "http://www.ipa.go.jp/about/press/20100601.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/about/press/20100601.html"
}
]
}
}

180
2010/2xxx/CVE-2010-2677.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2677", "ID": "CVE-2010-2677",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "11903", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/11903" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm", "description": [
"refsource" : "MISC", {
"url" : "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.openwebanalytics.com/?p=87", ]
"refsource" : "CONFIRM", }
"url" : "http://www.openwebanalytics.com/?p=87" ]
}, },
{ "references": {
"name" : "63288", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/63288" "name": "http://www.openwebanalytics.com/?p=87",
}, "refsource": "CONFIRM",
{ "url": "http://www.openwebanalytics.com/?p=87"
"name" : "39153", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39153" "name": "11903",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/11903"
"name" : "owa-mwplugin-file-include(57241)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57241" "name": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt"
} },
} {
"name": "39153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39153"
},
{
"name": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm",
"refsource": "MISC",
"url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm"
},
{
"name": "63288",
"refsource": "OSVDB",
"url": "http://osvdb.org/63288"
},
{
"name": "owa-mwplugin-file-include(57241)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57241"
}
]
}
}

260
2011/0xxx/CVE-2011-0020.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-0020", "ID": "CVE-2011-0020",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110118 CVE request: heap corruption in libpango", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/01/18/6" "lang": "eng",
}, "value": "Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object."
{ }
"name" : "[oss-security] 20110120 Re: CVE request: heap corruption in libpango", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/01/20/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=639882", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=639882" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=671122", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=671122" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=671122",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671122"
"name" : "RHSA-2011:0180", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0180.html" "name": "https://bugzilla.gnome.org/show_bug.cgi?id=639882",
}, "refsource": "MISC",
{ "url": "https://bugzilla.gnome.org/show_bug.cgi?id=639882"
"name" : "SUSE-SR:2011:005", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" "name": "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616"
"name" : "45842", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45842" "name": "1024994",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024994"
"name" : "70596", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/70596" "name": "pango-pango-bo(64832)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64832"
"name" : "1024994", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024994" "name": "SUSE-SR:2011:005",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
"name" : "42934", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42934" "name": "[oss-security] 20110118 CVE request: heap corruption in libpango",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/01/18/6"
"name" : "43100", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43100" "name": "70596",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/70596"
"name" : "ADV-2011-0186", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0186" "name": "43100",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43100"
"name" : "ADV-2011-0238", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0238" "name": "RHSA-2011:0180",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0180.html"
"name" : "pango-pango-bo(64832)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64832" "name": "[oss-security] 20110120 Re: CVE request: heap corruption in libpango",
} "refsource": "MLIST",
] "url": "http://openwall.com/lists/oss-security/2011/01/20/2"
} },
} {
"name": "ADV-2011-0186",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0186"
},
{
"name": "42934",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42934"
},
{
"name": "45842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45842"
},
{
"name": "ADV-2011-0238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0238"
}
]
}
}

210
2011/0xxx/CVE-2011-0073.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0073", "ID": "CVE-2011-0073",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a \"dangling pointer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html" "lang": "eng",
}, "value": "Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a \"dangling pointer.\""
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=630919", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=630919" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://downloads.avaya.com/css/P8/documents/100134543", "description": [
"refsource" : "CONFIRM", {
"url" : "http://downloads.avaya.com/css/P8/documents/100134543" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://downloads.avaya.com/css/P8/documents/100144158", ]
"refsource" : "CONFIRM", }
"url" : "http://downloads.avaya.com/css/P8/documents/100144158" ]
}, },
{ "references": {
"name" : "DSA-2227", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2227" "name": "DSA-2228",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2228"
"name" : "DSA-2228", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2228" "name": "oval:org.mitre.oval:def:14020",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14020"
"name" : "DSA-2235", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2235" "name": "MDVSA-2011:079",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
"name" : "MDVSA-2011:079", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=630919",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=630919"
"name" : "oval:org.mitre.oval:def:14020", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14020" "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html"
"name" : "8310", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8310" "name": "DSA-2235",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2011/dsa-2235"
} },
} {
"name": "http://downloads.avaya.com/css/P8/documents/100134543",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100134543"
},
{
"name": "DSA-2227",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2227"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100144158",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100144158"
},
{
"name": "8310",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8310"
}
]
}
}

330
2011/0xxx/CVE-2011-0609.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-0609", "ID": "CVE-2011-0609",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011."
{ }
"name" : "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html", ]
"refsource" : "CONFIRM", },
"url" : "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.adobe.com/support/security/advisories/apsa11-01.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/advisories/apsa11-01.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-06.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-06.html" ]
}, },
{ "references": {
"name" : "RHSA-2011:0372", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0372.html" "name": "46860",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/46860"
"name" : "SUSE-SR:2011:005", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" "name": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html",
}, "refsource": "MISC",
{ "url": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html"
"name" : "VU#192052", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/192052" "name": "ADV-2011-0732",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0732"
"name" : "46860", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46860" "name": "http://www.adobe.com/support/security/advisories/apsa11-01.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html"
"name" : "oval:org.mitre.oval:def:14147", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147" "name": "43751",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43751"
"name" : "1025210", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025210" "name": "oval:org.mitre.oval:def:14147",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147"
"name" : "1025211", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025211" "name": "ADV-2011-0656",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0656"
"name" : "1025238", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025238" "name": "1025211",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025211"
"name" : "43751", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43751" "name": "SUSE-SR:2011:005",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
"name" : "43757", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43757" "name": "adobe-flash-authplay-ce(66078)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078"
"name" : "43772", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43772" "name": "ADV-2011-0655",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0655"
"name" : "43856", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43856" "name": "1025210",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025210"
"name" : "8152", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8152" "name": "43856",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43856"
"name" : "ADV-2011-0655", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0655" "name": "VU#192052",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/192052"
"name" : "ADV-2011-0656", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0656" "name": "43772",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43772"
"name" : "ADV-2011-0688", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0688" "name": "http://www.adobe.com/support/security/bulletins/apsb11-06.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/bulletins/apsb11-06.html"
"name" : "ADV-2011-0732", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0732" "name": "8152",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8152"
"name" : "adobe-flash-authplay-ce(66078)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078" "name": "1025238",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1025238"
} },
} {
"name": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html",
"refsource": "CONFIRM",
"url": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html"
},
{
"name": "RHSA-2011:0372",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0372.html"
},
{
"name": "43757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43757"
},
{
"name": "ADV-2011-0688",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0688"
}
]
}
}

190
2011/0xxx/CVE-2011-0681.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0681", "ID": "CVE-2011-0681",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.opera.com/docs/changelogs/mac/1101/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/mac/1101/" "lang": "eng",
}, "value": "The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL."
{ }
"name" : "http://www.opera.com/docs/changelogs/unix/1101/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.opera.com/docs/changelogs/unix/1101/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.opera.com/docs/changelogs/windows/1101/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/windows/1101/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "46036", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/46036" ]
}, },
{ "references": {
"name" : "70727", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/70727" "name": "http://www.opera.com/docs/changelogs/windows/1101/",
}, "refsource": "CONFIRM",
{ "url": "http://www.opera.com/docs/changelogs/windows/1101/"
"name" : "oval:org.mitre.oval:def:12045", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12045" "name": "ADV-2011-0231",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0231"
"name" : "43023", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43023" "name": "http://www.opera.com/docs/changelogs/unix/1101/",
}, "refsource": "CONFIRM",
{ "url": "http://www.opera.com/docs/changelogs/unix/1101/"
"name" : "ADV-2011-0231", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0231" "name": "46036",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/46036"
} },
} {
"name": "http://www.opera.com/docs/changelogs/mac/1101/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1101/"
},
{
"name": "oval:org.mitre.oval:def:12045",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12045"
},
{
"name": "70727",
"refsource": "OSVDB",
"url": "http://osvdb.org/70727"
},
{
"name": "43023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43023"
}
]
}
}

120
2011/0xxx/CVE-2011-0851.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-0851", "ID": "CVE-2011-0851",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle PeopleSoft Enterprise ELS 9.0 Bundle #19 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Learning Mgmt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" "lang": "eng",
} "value": "Unspecified vulnerability in Oracle PeopleSoft Enterprise ELS 9.0 Bundle #19 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Learning Mgmt."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}

190
2011/1xxx/CVE-2011-1026.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1026", "ID": "CVE-2011-1026",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110527 [SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/518168/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators."
{ }
"name" : "20110531 [CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0532.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://archiva.apache.org/docs/1.3.5/release-notes.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://archiva.apache.org/docs/1.3.5/release-notes.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://archiva.apache.org/security.html", ]
"refsource" : "CONFIRM", }
"url" : "http://archiva.apache.org/security.html" ]
}, },
{ "references": {
"name" : "48015", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48015" "name": "8266",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8266"
"name" : "44693", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44693" "name": "20110527 [SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/518168/100/0/threaded"
"name" : "8266", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8266" "name": "44693",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44693"
"name" : "archiva-multiple-csrf(67671)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67671" "name": "archiva-multiple-csrf(67671)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67671"
} },
} {
"name": "48015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48015"
},
{
"name": "http://archiva.apache.org/security.html",
"refsource": "CONFIRM",
"url": "http://archiva.apache.org/security.html"
},
{
"name": "20110531 [CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0532.html"
},
{
"name": "http://archiva.apache.org/docs/1.3.5/release-notes.html",
"refsource": "CONFIRM",
"url": "http://archiva.apache.org/docs/1.3.5/release-notes.html"
}
]
}
}

34
2011/1xxx/CVE-2011-1152.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-1152", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-1152",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3712. Reason: This candidate is a duplicate of CVE-2010-3712. Notes: All CVE users should reference CVE-2010-3712 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3712. Reason: This candidate is a duplicate of CVE-2010-3712. Notes: All CVE users should reference CVE-2010-3712 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

160
2011/1xxx/CVE-2011-1841.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1841", "ID": "CVE-2011-1841",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "DSA-2239", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2011/dsa-2239" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2011-6465", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "47713", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/47713" ]
}, },
{ "references": {
"name" : "mojolicious-linktohelper-xss(67257)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257" "name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes",
} "refsource": "CONFIRM",
] "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
} },
} {
"name": "mojolicious-linktohelper-xss(67257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257"
},
{
"name": "47713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47713"
},
{
"name": "DSA-2239",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2239"
},
{
"name": "FEDORA-2011-6465",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html"
}
]
}
}

150
2011/1xxx/CVE-2011-1872.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2011-1872", "ID": "CVE-2011-1872",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka \"VMBus Persistent DoS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS11-047", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-047" "lang": "eng",
}, "value": "Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka \"VMBus Persistent DoS Vulnerability.\""
{ }
"name" : "48179", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/48179" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:12650", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12650" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1025644", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1025644" ]
} },
] "references": {
} "reference_data": [
} {
"name": "48179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48179"
},
{
"name": "oval:org.mitre.oval:def:12650",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12650"
},
{
"name": "MS11-047",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-047"
},
{
"name": "1025644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025644"
}
]
}
}

34
2011/4xxx/CVE-2011-4009.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4009", "ID": "CVE-2011-4009",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2011/4xxx/CVE-2011-4105.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4105", "ID": "CVE-2011-4105",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[LightDM] 20111102 Version 1.0.6 released", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html" "lang": "eng",
}, "value": "LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority."
{ }
"name" : "[oss-security] 20111102 Re: Re: [LightDM] Version 1.0.6 released", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2011/11/02/9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20111102 Re: Re: [LightDM] Version 1.0.6 released", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/11/02/10" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20111102 Re: [LightDM] Version 1.0.6 released", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2011/11/02/6" ]
}, },
{ "references": {
"name" : "USN-1262-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1262-1" "name": "USN-1262-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-1262-1"
} },
} {
"name": "[oss-security] 20111102 Re: Re: [LightDM] Version 1.0.6 released",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/02/9"
},
{
"name": "[oss-security] 20111102 Re: Re: [LightDM] Version 1.0.6 released",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/02/10"
},
{
"name": "[oss-security] 20111102 Re: [LightDM] Version 1.0.6 released",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/02/6"
},
{
"name": "[LightDM] 20111102 Version 1.0.6 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html"
}
]
}
}

170
2011/4xxx/CVE-2011-4112.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4112", "ID": "CVE-2011-4112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20111121 CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/11/21/4" "lang": "eng",
}, "value": "The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=550fd08c2cebad61c548def135f67aba284c6162", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=550fd08c2cebad61c548def135f67aba284c6162" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=751006", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=751006" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/550fd08c2cebad61c548def135f67aba284c6162", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/550fd08c2cebad61c548def135f67aba284c6162" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=751006",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751006"
"name" : "http://downloads.avaya.com/css/P8/documents/100156038", },
"refsource" : "CONFIRM", {
"url" : "http://downloads.avaya.com/css/P8/documents/100156038" "name": "https://github.com/torvalds/linux/commit/550fd08c2cebad61c548def135f67aba284c6162",
} "refsource": "CONFIRM",
] "url": "https://github.com/torvalds/linux/commit/550fd08c2cebad61c548def135f67aba284c6162"
} },
} {
"name": "http://downloads.avaya.com/css/P8/documents/100156038",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100156038"
},
{
"name": "[oss-security] 20111121 CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/21/4"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=550fd08c2cebad61c548def135f67aba284c6162",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=550fd08c2cebad61c548def135f67aba284c6162"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
}
]
}
}

34
2011/4xxx/CVE-2011-4416.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-4416", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-4416",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
} }
] ]
} }
} }

160
2011/5xxx/CVE-2011-5099.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5099", "ID": "CVE-2011-5099",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html" "lang": "eng",
}, "value": "SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53208", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53208" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48934", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/48934" ]
}, },
{ "references": {
"name" : "modccnewsletter-popup-sql-injection(75112)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75112" "name": "modccnewsletter-popup-sql-injection(75112)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75112"
} },
} {
"name": "53208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53208"
},
{
"name": "http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html"
},
{
"name": "http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html",
"refsource": "CONFIRM",
"url": "http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html"
},
{
"name": "48934",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48934"
}
]
}
}

140
2011/5xxx/CVE-2011-5111.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5111", "ID": "CVE-2011-5111",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lih_buku, (3) artikel, (4) album, or (5) berita module in index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/view/107254/cmsbalitbang-sql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/view/107254/cmsbalitbang-sql.txt" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lih_buku, (3) artikel, (4) album, or (5) berita module in index.php."
{ }
"name" : "50797", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/50797" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "balitbang-hal-sql-injection(71466)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71466" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "50797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50797"
},
{
"name": "http://packetstormsecurity.org/files/view/107254/cmsbalitbang-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/107254/cmsbalitbang-sql.txt"
},
{
"name": "balitbang-hal-sql-injection(71466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71466"
}
]
}
}

140
2014/2xxx/CVE-2014-2006.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2014-2006", "ID": "CVE-2014-2006",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://jvn.jp/en/jp/JVN80006084/995199/index.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://jvn.jp/en/jp/JVN80006084/995199/index.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVN#80006084", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN80006084/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2014-000063", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000063" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN80006084/995199/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN80006084/995199/index.html"
},
{
"name": "JVNDB-2014-000063",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000063"
},
{
"name": "JVN#80006084",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN80006084/index.html"
}
]
}
}

160
2014/2xxx/CVE-2014-2606.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2014-2606", "ID": "CVE-2014-2606",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBST03039", "description_data": [
"refsource" : "HP", {
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04281279" "lang": "eng",
}, "value": "Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors."
{ }
"name" : "SSRT101457", ]
"refsource" : "HP", },
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04281279" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "68542", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68542" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030567", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030567" ]
}, },
{ "references": {
"name" : "hp-storevirtual-cve20142606-priv-esc(94496)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94496" "name": "68542",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/68542"
} },
} {
"name": "1030567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030567"
},
{
"name": "HPSBST03039",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04281279"
},
{
"name": "hp-storevirtual-cve20142606-priv-esc(94496)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94496"
},
{
"name": "SSRT101457",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04281279"
}
]
}
}

34
2014/2xxx/CVE-2014-2725.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2725", "ID": "CVE-2014-2725",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2014/2xxx/CVE-2014-2884.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-2884", "ID": "CVE-2014-2884",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140417 Re: TrueCrypt audit report", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/04/17/7" "lang": "eng",
}, "value": "The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call."
{ }
"name" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", ]
"refsource" : "MISC", },
"url" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf",
"refsource": "MISC",
"url": "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf"
},
{
"name": "[oss-security] 20140417 Re: TrueCrypt audit report",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/17/7"
}
]
}
}

160
2014/3xxx/CVE-2014-3248.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3248", "ID": "CVE-2014-3248",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "description_data": [
"refsource" : "MISC", {
"url" : "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/" "lang": "eng",
}, "value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
{ }
"name" : "http://puppetlabs.com/security/cve/cve-2014-3248", ]
"refsource" : "CONFIRM", },
"url" : "http://puppetlabs.com/security/cve/cve-2014-3248" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "68035", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68035" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "59197", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/59197" ]
}, },
{ "references": {
"name" : "59200", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59200" "name": "http://puppetlabs.com/security/cve/cve-2014-3248",
} "refsource": "CONFIRM",
] "url": "http://puppetlabs.com/security/cve/cve-2014-3248"
} },
} {
"name": "59197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59200"
},
{
"name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"refsource": "MISC",
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68035"
}
]
}
}

130
2014/3xxx/CVE-2014-3269.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3269", "ID": "CVE-2014-3269",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34268", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34268" "lang": "eng",
}, "value": "The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204."
{ }
"name" : "20140516 Cisco IOS XE Software SNMP Denial of Service Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3269" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140516 Cisco IOS XE Software SNMP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3269"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34268",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34268"
}
]
}
}

130
2014/3xxx/CVE-2014-3938.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3938", "ID": "CVE-2014-3938",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://secunia.com/secunia_research/2014-6/", "description_data": [
"refsource" : "MISC", {
"url" : "http://secunia.com/secunia_research/2014-6/" "lang": "eng",
}, "value": "Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow."
{ }
"name" : "58000", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/58000" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2014-6/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2014-6/"
},
{
"name": "58000",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58000"
}
]
}
}

130
2014/6xxx/CVE-2014-6298.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6298", "ID": "CVE-2014-6298",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/", "description_data": [
"refsource" : "MISC", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors."
{ }
"name" : "http://typo3.org/extensions/repository/view/mm_forum", ]
"refsource" : "CONFIRM", },
"url" : "http://typo3.org/extensions/repository/view/mm_forum" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/mm_forum",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/mm_forum"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/"
}
]
}
}

34
2014/6xxx/CVE-2014-6402.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6402", "ID": "CVE-2014-6402",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/6xxx/CVE-2014-6852.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6852", "ID": "CVE-2014-6852",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LedLine.gr Official (aka com.automon.ledline.gr) application 1.4.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The LedLine.gr Official (aka com.automon.ledline.gr) application 1.4.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#943473", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/943473" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#943473",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/943473"
}
]
}
}

160
2014/7xxx/CVE-2014-7182.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7182", "ID": "CVE-2014-7182",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141015 Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/533699/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php."
{ }
"name" : "http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.htbridge.com/advisory/HTB23236", "description": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23236" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://wordpress.org/plugins/wp-google-maps/changelog", ]
"refsource" : "CONFIRM", }
"url" : "https://wordpress.org/plugins/wp-google-maps/changelog" ]
}, },
{ "references": {
"name" : "70597", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70597" "name": "https://wordpress.org/plugins/wp-google-maps/changelog",
} "refsource": "CONFIRM",
] "url": "https://wordpress.org/plugins/wp-google-maps/changelog"
} },
} {
"name": "20141015 Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533699/100/0/threaded"
},
{
"name": "70597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70597"
},
{
"name": "http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23236",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23236"
}
]
}
}

140
2014/7xxx/CVE-2014-7398.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7398", "ID": "CVE-2014-7398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#674985", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/674985" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#674985",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/674985"
}
]
}
}

140
2014/7xxx/CVE-2014-7576.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7576", "ID": "CVE-2014-7576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii.hanh.trinh.moi.long.tieng) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii.hanh.trinh.moi.long.tieng) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#105097", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/105097" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#105097",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/105097"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7701.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7701", "ID": "CVE-2014-7701",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#881345", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/881345" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#881345",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/881345"
}
]
}
}

140
2014/7xxx/CVE-2014-7768.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7768", "ID": "CVE-2014-7768",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#623329", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/623329" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#623329",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/623329"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

200
2014/7xxx/CVE-2014-7821.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-7821", "ID": "CVE-2014-7821",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[openstack-announce] 20141119 [OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html" "lang": "eng",
}, "value": "OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.launchpad.net/neutron/+bug/1378450", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/neutron/+bug/1378450" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2015-5997", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html" ]
}, },
{ "references": {
"name" : "RHSA-2014:1938", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1938.html" "name": "RHSA-2014:1938",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-1938.html"
"name" : "RHSA-2014:1942", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1942.html" "name": "neutron-cve20147821-dos(98818)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98818"
"name" : "RHSA-2015:0044", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0044.html" "name": "RHSA-2015:0044",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0044.html"
"name" : "62586", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62586" "name": "FEDORA-2015-5997",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html"
"name" : "neutron-cve20147821-dos(98818)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98818" "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
} },
} {
"name": "[openstack-announce] 20141119 [OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html"
},
{
"name": "RHSA-2014:1942",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1942.html"
},
{
"name": "62586",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62586"
},
{
"name": "https://bugs.launchpad.net/neutron/+bug/1378450",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/neutron/+bug/1378450"
}
]
}
}

130
2016/2xxx/CVE-2016-2912.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-2912", "ID": "CVE-2016-2912",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988263", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988263" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
{ }
"name" : "92335", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92335" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988263",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988263"
},
{
"name": "92335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92335"
}
]
}
}

150
2017/0xxx/CVE-2017-0376.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@debian.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2017-0376", "ID": "CVE-2017-0376",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Tor before 0.3.0.8", "product_name": "Tor before 0.3.0.8",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Tor before 0.3.0.8" "version_value": "Tor before 0.3.0.8"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "reachable assertion"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd" "lang": "eng",
}, "value": "The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit."
{ }
"name" : "https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html", ]
"refsource" : "CONFIRM", },
"url" : "https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://trac.torproject.org/projects/tor/ticket/22494", "description": [
"refsource" : "CONFIRM", {
"url" : "https://trac.torproject.org/projects/tor/ticket/22494" "lang": "eng",
}, "value": "reachable assertion"
{ }
"name" : "DSA-3877", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3877" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html",
"refsource": "CONFIRM",
"url": "https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html"
},
{
"name": "DSA-3877",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3877"
},
{
"name": "https://trac.torproject.org/projects/tor/ticket/22494",
"refsource": "CONFIRM",
"url": "https://trac.torproject.org/projects/tor/ticket/22494"
},
{
"name": "https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd",
"refsource": "CONFIRM",
"url": "https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd"
}
]
}
}

34
2017/18xxx/CVE-2017-18002.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18002", "ID": "CVE-2017-18002",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

214
2017/1xxx/CVE-2017-1334.json
View File

@ -1,109 +1,109 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-09-27T00:00:00", "DATE_PUBLIC": "2017-09-27T00:00:00",
"ID" : "CVE-2017-1334", "ID": "CVE-2017-1334",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Engineering Lifecycle Manager", "product_name": "Rational Engineering Lifecycle Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.0.3" "version_value": "4.0.3"
}, },
{ {
"version_value" : "4.0.4" "version_value": "4.0.4"
}, },
{ {
"version_value" : "4.0.5" "version_value": "4.0.5"
}, },
{ {
"version_value" : "4.0.6" "version_value": "4.0.6"
}, },
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "4.0.7" "version_value": "4.0.7"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126242", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126242" "lang": "eng",
}, "value": "IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22008785", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22008785" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "101062", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101062" "lang": "eng",
} "value": "Cross-Site Scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126242",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126242"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008785"
},
{
"name": "101062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101062"
}
]
}
}

166
2017/1xxx/CVE-2017-1356.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-14T00:00:00", "DATE_PUBLIC": "2017-07-14T00:00:00",
"ID" : "CVE-2017-1356", "ID": "CVE-2017-1356",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Atlas eDiscovery Process Management", "product_name": "Atlas eDiscovery Process Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.3.2" "version_value": "6.0.3.2"
}, },
{ {
"version_value" : "6.0.3.3" "version_value": "6.0.3.3"
}, },
{ {
"version_value" : "6.0.3.4" "version_value": "6.0.3.4"
}, },
{ {
"version_value" : "6.0.3.5" "version_value": "6.0.3.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126683", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126683" "lang": "eng",
}, "value": "IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683."
{ }
"name" : "https://www.ibm.com/support/docview.wss?uid=swg22005835", ]
"refsource" : "CONFIRM", },
"url" : "https://www.ibm.com/support/docview.wss?uid=swg22005835" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102033", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102033" "lang": "eng",
} "value": "Data Manipulation"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22005835",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22005835"
},
{
"name": "102033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102033"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126683",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126683"
}
]
}
}

180
2017/1xxx/CVE-2017-1372.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-17T00:00:00", "DATE_PUBLIC": "2017-07-17T00:00:00",
"ID" : "CVE-2017-1372", "ID": "CVE-2017-1372",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "TRIRIGA Application Platform", "product_name": "TRIRIGA Application Platform",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.3" "version_value": "3.3"
}, },
{ {
"version_value" : "3.3.1" "version_value": "3.3.1"
}, },
{ {
"version_value" : "3.3.2" "version_value": "3.3.2"
}, },
{ {
"version_value" : "3.4" "version_value": "3.4"
}, },
{ {
"version_value" : "3.4.1" "version_value": "3.4.1"
}, },
{ {
"version_value" : "3.4.2" "version_value": "3.4.2"
}, },
{ {
"version_value" : "3.5" "version_value": "3.5"
}, },
{ {
"version_value" : "3.5.1" "version_value": "3.5.1"
}, },
{ {
"version_value" : "3.5.2" "version_value": "3.5.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126865", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126865" "lang": "eng",
}, "value": "IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004675", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004675" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004675",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004675"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126865",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126865"
}
]
}
}

284
2017/5xxx/CVE-2017-5439.json
View File

@ -1,144 +1,144 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-5439", "ID": "CVE-2017-5439",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Thunderbird", "product_name": "Thunderbird",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.1" "version_value": "52.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox ESR", "product_name": "Firefox ESR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "45.9" "version_value": "45.9"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.1" "version_value": "52.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "53" "version_value": "53"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free in nsTArray Length() during XSLT processing"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830" "lang": "eng",
}, "value": "A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/" "lang": "eng",
}, "value": "Use-after-free in nsTArray Length() during XSLT processing"
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" ]
}, },
{ "references": {
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830"
"name" : "DSA-3831", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-3831" "name": "RHSA-2017:1106",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1106"
"name" : "RHSA-2017:1104", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1104" "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
"name" : "RHSA-2017:1106", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1106" "name": "103053",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/103053"
"name" : "RHSA-2017:1201", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1201" "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
"name" : "103053", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103053" "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
"name" : "97940", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97940" "name": "97940",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/97940"
"name" : "1038320", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038320" "name": "DSA-3831",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2017/dsa-3831"
} },
} {
"name": "https://www.mozilla.org/security/advisories/mfsa2017-13/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
},
{
"name": "RHSA-2017:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1104"
},
{
"name": "RHSA-2017:1201",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
]
}
}

152
2017/5xxx/CVE-2017-5450.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-5450", "ID": "CVE-2017-5450",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "53" "version_value": "53"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A mechanism to spoof the Firefox for Android addressbar using a \"javascript:\" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Addressbar spoofing using javascript: URI on Firefox for Android"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1325955", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1325955" "lang": "eng",
}, "value": "A mechanism to spoof the Firefox for Android addressbar using a \"javascript:\" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97940", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97940" "lang": "eng",
}, "value": "Addressbar spoofing using javascript: URI on Firefox for Android"
{ }
"name" : "1038320", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038320" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name": "97940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97940"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325955",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325955"
},
{
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
}
]
}
}

140
2017/5xxx/CVE-2017-5567.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5567", "ID": "CVE-2017-5567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a \"DoubleAgent\" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cybellum.com/doubleagent-taking-full-control-antivirus/", "description_data": [
"refsource" : "MISC", {
"url" : "http://cybellum.com/doubleagent-taking-full-control-antivirus/" "lang": "eng",
}, "value": "Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a \"DoubleAgent\" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack."
{ }
"name" : "http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/", ]
"refsource" : "MISC", },
"url" : "http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97017", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97017" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://cybellum.com/doubleagent-taking-full-control-antivirus/",
"refsource": "MISC",
"url": "http://cybellum.com/doubleagent-taking-full-control-antivirus/"
},
{
"name": "97017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97017"
},
{
"name": "http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/",
"refsource": "MISC",
"url": "http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/"
}
]
}
}

34
2017/5xxx/CVE-2017-5744.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5744", "ID": "CVE-2017-5744",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

122
2017/5xxx/CVE-2017-5782.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-02-03T00:00:00", "DATE_PUBLIC": "2017-02-03T00:00:00",
"ID" : "CVE-2017-5782", "ID": "CVE-2017-5782",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Matrix Operating Environment", "product_name": "Matrix Operating Environment",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "v7.6" "version_value": "v7.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "missing HSTS Header"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" "lang": "eng",
} "value": "A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "missing HSTS Header"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680"
}
]
}
}