admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:15:19 +00:00
parent 5ba87c002b
commit 7c773ee80f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3987 additions and 3987 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2001/0xxx/CVE-2001-0056.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0056", "ID": "CVE-2001-0056",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20001204 Multiple Vulnerabilities in CBOS", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/CBOS-multiple.shtml" "lang": "eng",
}, "value": "The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection."
{ }
"name" : "cisco-cbos-invalid-login(5628)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5628" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-cbos-invalid-login(5628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5628"
},
{
"name": "20001204 Multiple Vulnerabilities in CBOS",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/CBOS-multiple.shtml"
}
]
}
}

130
2001/0xxx/CVE-2001-0266.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0266", "ID": "CVE-2001-0266",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBUX0102-143", "description_data": [
"refsource" : "HP", {
"url" : "http://archives.neohapsis.com/archives/hp/2001-q1/0069.html" "lang": "eng",
}, "value": "Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges."
{ }
"name" : "6033", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/6033" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6033",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6033"
},
{
"name": "HPSBUX0102-143",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2001-q1/0069.html"
}
]
}
}

140
2001/0xxx/CVE-2001-0274.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0274", "ID": "CVE-2001-0274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010214 Security hole in kicq", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html" "lang": "eng",
}, "value": "kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
{ }
"name" : "20010303 Re: Security hole in kicq", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "kicq-execute-commands(6112)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6112" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "kicq-execute-commands(6112)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6112"
},
{
"name": "20010303 Re: Security hole in kicq",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html"
},
{
"name": "20010214 Security hole in kicq",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html"
}
]
}
}

130
2001/0xxx/CVE-2001-0759.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0759", "ID": "CVE-2001-0759",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010614 Buffer overflow in BestCrypt for Linux", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/191111" "lang": "eng",
}, "value": "Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount."
{ }
"name" : "2875", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2875" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010614 Buffer overflow in BestCrypt for Linux",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/191111"
},
{
"name": "2875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2875"
}
]
}
}

140
2001/1xxx/CVE-2001-1438.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1438", "ID": "CVE-2001-1438",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011022 PalmOS crashes receiving SMS images using Handspring VisorPhone", "description_data": [
"refsource" : "VULN-DEV", {
"url" : "http://www.securityfocus.com/archive/82/222110" "lang": "eng",
}, "value": "Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image."
{ }
"name" : "VU#222739", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/222739" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "handspring-visor-sms-dos(10637)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10637" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20011022 PalmOS crashes receiving SMS images using Handspring VisorPhone",
"refsource": "VULN-DEV",
"url": "http://www.securityfocus.com/archive/82/222110"
},
{
"name": "VU#222739",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/222739"
},
{
"name": "handspring-visor-sms-dos(10637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10637"
}
]
}
}

170
2001/1xxx/CVE-2001-1447.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1447", "ID": "CVE-2001-1447",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) \"recent items\" and (2) \"services\" menus, which causes the applications to run with root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011017 Mac OS X setuid root security hole", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0121.html" "lang": "eng",
}, "value": "NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) \"recent items\" and (2) \"services\" menus, which causes the applications to run with root privileges."
{ }
"name" : "20011017 Re: Mac OS X setuid root security hole", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0130.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#945747", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/945747" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "M-007", ]
"refsource" : "CIAC", }
"url" : "http://www.ciac.org/ciac/bulletins/m-007.shtml" ]
}, },
{ "references": {
"name" : "3439", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3439" "name": "M-007",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/m-007.shtml"
"name" : "macos-netinfo-root-privileges(7303)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7303" "name": "20011017 Re: Mac OS X setuid root security hole",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0130.html"
} },
} {
"name": "VU#945747",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/945747"
},
{
"name": "20011017 Mac OS X setuid root security hole",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0121.html"
},
{
"name": "3439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3439"
},
{
"name": "macos-netinfo-root-privileges(7303)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7303"
}
]
}
}

250
2006/2xxx/CVE-2006-2162.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-2162", "ID": "CVE-2006-2162",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806&forum_id=7890", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806&forum_id=7890" "lang": "eng",
}, "value": "Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header."
{ }
"name" : "http://www.nagios.org/development/changelog.php", ]
"refsource" : "CONFIRM", },
"url" : "http://www.nagios.org/development/changelog.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1072", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1072" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200605-07", ]
"refsource" : "GENTOO", }
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" ]
}, },
{ "references": {
"name" : "SUSE-SR:2006:011", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_05_19.html" "name": "GLSA-200605-07",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml"
"name" : "USN-282-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/282-1/" "name": "USN-282-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/282-1/"
"name" : "17879", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17879" "name": "DSA-1072",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1072"
"name" : "ADV-2006-1662", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1662" "name": "SUSE-SR:2006:011",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_05_19.html"
"name" : "19991", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19991" "name": "http://www.nagios.org/development/changelog.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.nagios.org/development/changelog.php"
"name" : "19998", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19998" "name": "ADV-2006-1662",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1662"
"name" : "20013", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20013" "name": "19998",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19998"
"name" : "20215", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20215" "name": "19991",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19991"
"name" : "20247", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20247" "name": "nagios-multiple-scripts-bo(26253)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26253"
"name" : "nagios-multiple-scripts-bo(26253)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26253" "name": "20013",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20013"
} },
} {
"name": "20215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20215"
},
{
"name": "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806&forum_id=7890",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806&forum_id=7890"
},
{
"name": "17879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17879"
},
{
"name": "20247",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20247"
}
]
}
}

190
2006/2xxx/CVE-2006-2309.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2006-2309", "ID": "CVE-2006-2309",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060531 Secunia Research: Eserv/3 IMAP and HTTP Server MultipleVulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435415/100/0/threaded" "lang": "eng",
}, "value": "The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files."
{ }
"name" : "http://secunia.com/secunia_research/2006-37/advisory/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2006-37/advisory/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.eserv.ru/ru/news/news_detail.php?ID=235", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.eserv.ru/ru/news/news_detail.php?ID=235" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18179", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/18179" ]
}, },
{ "references": {
"name" : "ADV-2006-2066", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2066" "name": "20059",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20059"
"name" : "20059", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20059" "name": "1006",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1006"
"name" : "1006", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1006" "name": "http://secunia.com/secunia_research/2006-37/advisory/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2006-37/advisory/"
"name" : "eserv-file-extension-source-code-disclosure(26741)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26741" "name": "eserv-file-extension-source-code-disclosure(26741)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26741"
} },
} {
"name": "ADV-2006-2066",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2066"
},
{
"name": "18179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18179"
},
{
"name": "20060531 Secunia Research: Eserv/3 IMAP and HTTP Server MultipleVulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435415/100/0/threaded"
},
{
"name": "http://www.eserv.ru/ru/news/news_detail.php?ID=235",
"refsource": "CONFIRM",
"url": "http://www.eserv.ru/ru/news/news_detail.php?ID=235"
}
]
}
}

160
2006/2xxx/CVE-2006-2442.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2442", "ID": "CVE-2006-2442",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337830", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337830" "lang": "eng",
}, "value": "kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords."
{ }
"name" : "DSA-1062", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2006/dsa-1062" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2006:089", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:089" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18049", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/18049" ]
}, },
{ "references": {
"name" : "ADV-2006-1862", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1862" "name": "MDKSA-2006:089",
} "refsource": "MANDRIVA",
] "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:089"
} },
} {
"name": "18049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18049"
},
{
"name": "ADV-2006-1862",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1862"
},
{
"name": "DSA-1062",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1062"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337830",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337830"
}
]
}
}

34
2006/2xxx/CVE-2006-2456.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2456", "ID": "CVE-2006-2456",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

220
2006/2xxx/CVE-2006-2551.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2551", "ID": "CVE-2006-2551",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-109.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-109.htm" "lang": "eng",
}, "value": "Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors."
{ }
"name" : "HPSBUX02120", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/archive/1/434717/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT051057", "description": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/434717/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18057", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/18057" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:5702", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5702" "name": "oval:org.mitre.oval:def:5702",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5702"
"name" : "ADV-2006-1913", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1913" "name": "21140",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21140"
"name" : "1016135", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016135" "name": "20459",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20459"
"name" : "20227", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20227" "name": "1016135",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016135"
"name" : "20459", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20459" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-109.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-109.htm"
"name" : "21140", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21140" "name": "18057",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18057"
"name" : "hp-kernel-dos(26593)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26593" "name": "HPSBUX02120",
} "refsource": "HP",
] "url": "http://www.securityfocus.com/archive/1/434717/100/0/threaded"
} },
} {
"name": "SSRT051057",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/434717/100/0/threaded"
},
{
"name": "hp-kernel-dos(26593)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26593"
},
{
"name": "ADV-2006-1913",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1913"
},
{
"name": "20227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20227"
}
]
}
}

130
2006/2xxx/CVE-2006-2848.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2848", "ID": "CVE-2006-2848",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435735/100/0/threaded" "lang": "eng",
}, "value": "links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field."
{ }
"name" : "1859", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/1859" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435735/100/0/threaded"
},
{
"name": "1859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1859"
}
]
}
}

150
2008/5xxx/CVE-2008-5600.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5600", "ID": "CVE-2008-5600",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7352", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7352" "lang": "eng",
}, "value": "Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb."
{ }
"name" : "33009", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/33009" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4757", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4757" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "merlix-teamworx-information-disclosure(47125)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47125" ]
} },
] "references": {
} "reference_data": [
} {
"name": "33009",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33009"
},
{
"name": "4757",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4757"
},
{
"name": "merlix-teamworx-information-disclosure(47125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47125"
},
{
"name": "7352",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7352"
}
]
}
}

150
2008/5xxx/CVE-2008-5931.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5931", "ID": "CVE-2008-5931",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7436", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7436" "lang": "eng",
}, "value": "The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information."
{ }
"name" : "33134", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/33134" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4931", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4931" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "aspired2blog-blog-info-disclosure(47294)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47294" ]
} },
] "references": {
} "reference_data": [
} {
"name": "4931",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4931"
},
{
"name": "aspired2blog-blog-info-disclosure(47294)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47294"
},
{
"name": "7436",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7436"
},
{
"name": "33134",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33134"
}
]
}
}

140
2008/5xxx/CVE-2008-5935.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5935", "ID": "CVE-2008-5935",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081211 facto Database Disclosure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/499125/100/0/threaded" "lang": "eng",
}, "value": "Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information."
{ }
"name" : "4934", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/4934" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "facto-facto-information-disclosure(47278)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47278" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "4934",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4934"
},
{
"name": "20081211 facto Database Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499125/100/0/threaded"
},
{
"name": "facto-facto-information-disclosure(47278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47278"
}
]
}
}

150
2011/2xxx/CVE-2011-2075.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2075", "ID": "CVE-2011-2075",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabilities or multiple products. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php" "lang": "eng",
}, "value": "Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabilities or multiple products. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
{ }
"name" : "http://www.youtube.com/watch?v=c8cQ0yU89sk", ]
"refsource" : "MISC", },
"url" : "http://www.youtube.com/watch?v=c8cQ0yU89sk" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "47771", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47771" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14099", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14099" ]
} },
] "references": {
} "reference_data": [
} {
"name": "47771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47771"
},
{
"name": "http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php",
"refsource": "MISC",
"url": "http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php"
},
{
"name": "http://www.youtube.com/watch?v=c8cQ0yU89sk",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=c8cQ0yU89sk"
},
{
"name": "oval:org.mitre.oval:def:14099",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14099"
}
]
}
}

180
2011/2xxx/CVE-2011-2332.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-2332", "ID": "CVE-2011-2332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=83275", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=83275" "lang": "eng",
}, "value": "Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "48129", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48129" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "72790", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/72790" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:14242", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14242" "name": "72790",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/72790"
"name" : "44829", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44829" "name": "chrome-v8-security-bypass(67903)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67903"
"name" : "chrome-v8-security-bypass(67903)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67903" "name": "44829",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/44829"
} },
} {
"name": "oval:org.mitre.oval:def:14242",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14242"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=83275",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=83275"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html"
},
{
"name": "48129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48129"
}
]
}
}

34
2011/2xxx/CVE-2011-2335.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2335", "ID": "CVE-2011-2335",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2011/2xxx/CVE-2011-2795.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-2795", "ID": "CVE-2011-2795",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a \"cross-frame function leak.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=87339", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=87339" "lang": "eng",
}, "value": "Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a \"cross-frame function leak.\""
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "74245", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/74245" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14653", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14653" ]
}, },
{ "references": {
"name" : "google-chrome-function-info-disclosure(68957)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68957" "name": "74245",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/74245"
} },
} {
"name": "oval:org.mitre.oval:def:14653",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14653"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=87339",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=87339"
},
{
"name": "google-chrome-function-info-disclosure(68957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68957"
}
]
}
}

250
2011/2xxx/CVE-2011-2939.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-2939", "ID": "CVE-2011-2939",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/08/18/8" "lang": "eng",
}, "value": "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow."
{ }
"name" : "[oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2011/08/19/17" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5", "description": [
"refsource" : "CONFIRM", {
"url" : "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)", ]
"refsource" : "CONFIRM", }
"url" : "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=731246", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=731246" "name": "46989",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46989"
"name" : "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod", },
"refsource" : "CONFIRM", {
"url" : "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" "name": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod",
}, "refsource": "CONFIRM",
{ "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod"
"name" : "MDVSA-2012:008", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" "name": "55314",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55314"
"name" : "RHSA-2011:1424", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1424.html" "name": "USN-1643-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1643-1"
"name" : "USN-1643-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1643-1" "name": "49858",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/49858"
"name" : "49858", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49858" "name": "[oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/08/18/8"
"name" : "46989", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46989" "name": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5",
}, "refsource": "CONFIRM",
{ "url": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5"
"name" : "51457", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51457" "name": "46172",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46172"
"name" : "46172", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46172" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=731246",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731246"
"name" : "55314", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55314" "name": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)",
} "refsource": "CONFIRM",
] "url": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)"
} },
} {
"name": "MDVSA-2012:008",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008"
},
{
"name": "RHSA-2011:1424",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html"
},
{
"name": "[oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/08/19/17"
},
{
"name": "51457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51457"
}
]
}
}

170
2011/2xxx/CVE-2011-2990.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2990", "ID": "CVE-2011-2990",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html" "lang": "eng",
}, "value": "The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=664983", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=664983" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=679588", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=679588" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html" ]
}, },
{ "references": {
"name" : "SUSE-SA:2011:037", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" "name": "oval:org.mitre.oval:def:14458",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14458"
"name" : "oval:org.mitre.oval:def:14458", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14458" "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html",
} "refsource": "CONFIRM",
] "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html"
} },
} {
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=664983",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=664983"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=679588",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=679588"
},
{
"name": "SUSE-SA:2011:037",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html"
}
]
}
}

160
2011/3xxx/CVE-2011-3163.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2011-3163", "ID": "CVE-2011-3163",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBPI02711", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=131914362310845&w=2" "lang": "eng",
}, "value": "HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors."
{ }
"name" : "SSRT100647", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=131914362310845&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50297", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50297" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "46532", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/46532" ]
}, },
{ "references": {
"name" : "8479", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8479" "name": "SSRT100647",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=131914362310845&w=2"
} },
} {
"name": "8479",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8479"
},
{
"name": "50297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50297"
},
{
"name": "HPSBPI02711",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=131914362310845&w=2"
},
{
"name": "46532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46532"
}
]
}
}

34
2011/3xxx/CVE-2011-3258.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3258", "ID": "CVE-2011-3258",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2011/3xxx/CVE-2011-3310.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2011-3310", "ID": "CVE-2011-3310",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs" "lang": "eng",
}, "value": "The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535."
{ }
"name" : "50284", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/50284" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "46533", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46533" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ciscoworks-common-services-command-exec(70759)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70759" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs"
},
{
"name": "50284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50284"
},
{
"name": "46533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46533"
},
{
"name": "ciscoworks-common-services-command-exec(70759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70759"
}
]
}
}

160
2011/3xxx/CVE-2011-3506.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-3506", "ID": "CVE-2011-3506",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication."
{ }
"name" : "RHSA-2012:1232", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1232.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "46527", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46527" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "46528", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/46528" ]
}, },
{ "references": {
"name" : "50084", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50084" "name": "46527",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/46527"
} },
} {
"name": "46528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46528"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html"
},
{
"name": "50084",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50084"
},
{
"name": "RHSA-2012:1232",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html"
}
]
}
}

34
2011/3xxx/CVE-2011-3842.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3842", "ID": "CVE-2011-3842",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

340
2013/0xxx/CVE-2013-0269.json
View File

@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0269", "ID": "CVE-2013-0269",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/02/11/7" "lang": "eng",
}, "value": "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\""
{ }
"name" : "[oss-security] 20130211 Patch update for [CVE-2013-0269]", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/02/11/8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[rubyonrails-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]", "description": [
"refsource" : "MLIST", {
"url" : "https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection", ]
"refsource" : "MISC", }
"url" : "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection" ]
}, },
{ "references": {
"name" : "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" "name": "RHSA-2013:0701",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0701.html"
"name" : "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed", },
"refsource" : "CONFIRM", {
"url" : "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed" "name": "openSUSE-SU-2013:0603",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html"
"name" : "https://puppet.com/security/cve/cve-2013-0269", },
"refsource" : "CONFIRM", {
"url" : "https://puppet.com/security/cve/cve-2013-0269" "name": "APPLE-SA-2013-10-22-5",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
"name" : "APPLE-SA-2013-10-22-5", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" "name": "SSA:2013-075-01",
}, "refsource": "SLACKWARE",
{ "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862"
"name" : "RHSA-2013:0686", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0686.html" "name": "52774",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52774"
"name" : "RHSA-2013:0701", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0701.html" "name": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed",
}, "refsource": "CONFIRM",
{ "url": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed"
"name" : "RHSA-2013:1028", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1028.html" "name": "[rubyonrails-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]",
}, "refsource": "MLIST",
{ "url": "https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain"
"name" : "RHSA-2013:1147", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1147.html" "name": "90074",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/90074"
"name" : "SSA:2013-075-01", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862" "name": "https://puppet.com/security/cve/cve-2013-0269",
}, "refsource": "CONFIRM",
{ "url": "https://puppet.com/security/cve/cve-2013-0269"
"name" : "openSUSE-SU-2013:0603", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html" "name": "52902",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52902"
"name" : "SUSE-SU-2013:0609", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html" "name": "RHSA-2013:0686",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
"name" : "SUSE-SU-2013:0647", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html" "name": "57899",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/57899"
"name" : "USN-1733-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1733-1" "name": "[oss-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/02/11/7"
"name" : "57899", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57899" "name": "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection",
}, "refsource": "MISC",
{ "url": "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection"
"name" : "90074", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/90074" "name": "[oss-security] 20130211 Patch update for [CVE-2013-0269]",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/02/11/8"
"name" : "52075", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52075" "name": "USN-1733-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1733-1"
"name" : "52774", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52774" "name": "SUSE-SU-2013:0609",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html"
"name" : "52902", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52902" "name": "RHSA-2013:1028",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1028.html"
"name" : "json-ruby-security-bypass(82010)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82010" "name": "json-ruby-security-bypass(82010)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82010"
} },
} {
"name": "RHSA-2013:1147",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html"
},
{
"name": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/"
},
{
"name": "52075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52075"
},
{
"name": "SUSE-SU-2013:0647",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html"
}
]
}
}

120
2013/0xxx/CVE-2013-0299.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0299", "ID": "CVE-2013-0299",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-004/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-004/" "lang": "eng",
} "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
]
}
}

140
2013/0xxx/CVE-2013-0566.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-0566", "ID": "CVE-2013-0566",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21647750", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21647750" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JR46776", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR46776" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "wscommerce-cve20130566-xss(83139)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83139" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "JR46776",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR46776"
},
{
"name": "wscommerce-cve20130566-xss(83139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83139"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21647750",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21647750"
}
]
}
}

120
2013/1xxx/CVE-2013-1157.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-1157", "ID": "CVE-2013-1157",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud51068."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130430 Cisco Prime Central for Hosted Collaboration Solution ITM Java Servlet Container Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1157" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud51068."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130430 Cisco Prime Central for Hosted Collaboration Solution ITM Java Servlet Container Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1157"
}
]
}
}

120
2013/1xxx/CVE-2013-1178.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-1178", "ID": "CVE-2013-1178",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130424 Multiple Vulnerabilities in Cisco NX-OS-Based Products", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-nxosmulti" "lang": "eng",
} "value": "Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130424 Multiple Vulnerabilities in Cisco NX-OS-Based Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-nxosmulti"
}
]
}
}

140
2013/1xxx/CVE-2013-1289.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-1289", "ID": "CVE-2013-1289",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-035", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\""
{ }
"name" : "TA13-100A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-100A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16599", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA13-100A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-100A"
},
{
"name": "oval:org.mitre.oval:def:16599",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599"
},
{
"name": "MS13-035",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035"
}
]
}
}

170
2013/1xxx/CVE-2013-1373.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-1373", "ID": "CVE-2013-1373",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html" "lang": "eng",
}, "value": "Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372."
{ }
"name" : "RHSA-2013:0254", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0254.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2013:0296", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2013:0295", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:0298", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html" "name": "SUSE-SU-2013:0296",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html"
"name" : "TA13-043A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-043A.html" "name": "RHSA-2013:0254",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0254.html"
} },
} {
"name": "openSUSE-SU-2013:0295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html"
},
{
"name": "openSUSE-SU-2013:0298",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html"
},
{
"name": "TA13-043A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043A.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-05.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-05.html"
}
]
}
}

200
2013/1xxx/CVE-2013-1393.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1393", "ID": "CVE-2013-1393",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the \"administer curvycorners\" permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130123 CVE-2013-1393", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Jan/218" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the \"administer curvycorners\" permission to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "20130123 [Security-news] SA-CONTRIB-2013-008 - CurvyCorners - Cross Site Scripting (XSS) - module unsupported", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2013/Jan/211" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://drupal.org/node/1896718", "description": [
"refsource" : "MISC", {
"url" : "https://drupal.org/node/1896718" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/119766/Drupal-CurvyCorners-6.x-7.x-Cross-Site-Scripting.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/119766/Drupal-CurvyCorners-6.x-7.x-Cross-Site-Scripting.html" ]
}, },
{ "references": {
"name" : "http://packetstormsecurity.com/files/119814/CurvyCorners-Cross-Site-Scripting.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/119814/CurvyCorners-Cross-Site-Scripting.html" "name": "http://packetstormsecurity.com/files/119814/CurvyCorners-Cross-Site-Scripting.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/119814/CurvyCorners-Cross-Site-Scripting.html"
"name" : "http://www.csnc.ch/misc/files/advisories/CVE-2013-1393.txt", },
"refsource" : "MISC", {
"url" : "http://www.csnc.ch/misc/files/advisories/CVE-2013-1393.txt" "name": "http://packetstormsecurity.com/files/119766/Drupal-CurvyCorners-6.x-7.x-Cross-Site-Scripting.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/119766/Drupal-CurvyCorners-6.x-7.x-Cross-Site-Scripting.html"
"name" : "57526", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57526" "name": "20130123 CVE-2013-1393",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2013/Jan/218"
"name" : "89571", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/89571" "name": "89571",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/89571"
"name" : "drupal-curvycorners-unspecified-xss(81499)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81499" "name": "20130123 [Security-news] SA-CONTRIB-2013-008 - CurvyCorners - Cross Site Scripting (XSS) - module unsupported",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2013/Jan/211"
} },
} {
"name": "57526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57526"
},
{
"name": "drupal-curvycorners-unspecified-xss(81499)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81499"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CVE-2013-1393.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CVE-2013-1393.txt"
},
{
"name": "https://drupal.org/node/1896718",
"refsource": "MISC",
"url": "https://drupal.org/node/1896718"
}
]
}
}

130
2013/1xxx/CVE-2013-1503.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-1503", "ID": "CVE-2013-1503",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Content Server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Content Server."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

460
2013/1xxx/CVE-2013-1557.json
View File

@ -1,232 +1,232 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-1557", "ID": "CVE-2013-1557",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"missing security restrictions\" in the LogStream.setDefaultStream method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"missing security restrictions\" in the LogStream.setDefaultStream method."
{ }
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/76eb3fb80740", ]
"refsource" : "MISC", },
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/76eb3fb80740" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952648", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952648" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" ]
}, },
{ "references": {
"name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" "name": "SUSE-SU-2013:0835",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html"
"name" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", },
"refsource" : "CONFIRM", {
"url" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" "name": "oval:org.mitre.oval:def:19294",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19294"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645566", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645566" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", },
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" "name": "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!",
}, "refsource": "MLIST",
{ "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html"
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", },
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" "name": "SUSE-SU-2013:0871",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html"
"name" : "IV40772", },
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40772" "name": "RHSA-2013:0758",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html"
"name" : "APPLE-SA-2013-04-16-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html" "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/76eb3fb80740",
}, "refsource": "MISC",
{ "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/76eb3fb80740"
"name" : "GLSA-201406-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "name": "APPLE-SA-2013-04-16-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html"
"name" : "HPSBUX02889", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" "name": "MDVSA-2013:145",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145"
"name" : "SSRT101252", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" "name": "oval:org.mitre.oval:def:19672",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19672"
"name" : "HPSBUX02922", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" "name": "TA13-107A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
"name" : "SSRT101305", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" "name": "IV40772",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40772"
"name" : "MDVSA-2013:145", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" "name": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/",
}, "refsource": "CONFIRM",
{ "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/"
"name" : "MDVSA-2013:161", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" "name": "SSRT101252",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
"name" : "RHSA-2013:0752", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html" "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
}, "refsource": "CONFIRM",
{ "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
"name" : "RHSA-2013:0757", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=952648",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952648"
"name" : "RHSA-2013:0758", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0758.html" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "SSRT101305",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "59170",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/59170"
"name" : "SUSE-SU-2013:0814", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" "name": "RHSA-2013:0757",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
"name" : "openSUSE-SU-2013:0777", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" "name": "HPSBUX02922",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
"name" : "SUSE-SU-2013:0835", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21645566",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645566"
"name" : "SUSE-SU-2013:0871", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html" "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124",
}, "refsource": "CONFIRM",
{ "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124"
"name" : "SUSE-SU-2013:0934", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html" "name": "openSUSE-SU-2013:0777",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html"
"name" : "openSUSE-SU-2013:0964", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" "name": "MDVSA-2013:161",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
"name" : "USN-1806-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1806-1" "name": "openSUSE-SU-2013:0964",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
"name" : "TA13-107A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" "name": "RHSA-2013:0752",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
"name" : "59170", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/59170" "name": "USN-1806-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1806-1"
"name" : "oval:org.mitre.oval:def:16688", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16688" "name": "oval:org.mitre.oval:def:16688",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16688"
"name" : "oval:org.mitre.oval:def:19294", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19294" "name": "RHSA-2013:1456",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
"name" : "oval:org.mitre.oval:def:19672", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19672" "name": "SUSE-SU-2013:0814",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"refsource": "CONFIRM",
"url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
},
{
"name": "SUSE-SU-2013:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html"
},
{
"name": "HPSBUX02889",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
}
]
}
}

34
2013/1xxx/CVE-2013-1658.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1658", "ID": "CVE-2013-1658",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2013/4xxx/CVE-2013-4594.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4594", "ID": "CVE-2013-4594",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2013/q4/317" "lang": "eng",
}, "value": "The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment."
{ }
"name" : "https://drupal.org/node/2129373", ]
"refsource" : "MISC", },
"url" : "https://drupal.org/node/2129373" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://drupal.org/node/2128345", "description": [
"refsource" : "CONFIRM", {
"url" : "https://drupal.org/node/2128345" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "55431", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/55431" ]
} },
] "references": {
} "reference_data": [
} {
"name": "55431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55431"
},
{
"name": "[oss-security] 20131118 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/317"
},
{
"name": "https://drupal.org/node/2128345",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2128345"
},
{
"name": "https://drupal.org/node/2129373",
"refsource": "MISC",
"url": "https://drupal.org/node/2129373"
}
]
}
}

34
2013/5xxx/CVE-2013-5234.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5234", "ID": "CVE-2013-5234",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/5xxx/CVE-2013-5340.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-5340", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-5340",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

150
2013/5xxx/CVE-2013-5446.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-5446", "ID": "CVE-2013-5446",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21653546", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21653546" "lang": "eng",
}, "value": "The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors."
{ }
"name" : "IC93164", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC93164" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IC96617", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96617" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "webspheredp-xc10-cve20135446-logoff(87910)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87910" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.ibm.com/support/docview.wss?uid=swg21653546",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21653546"
},
{
"name": "webspheredp-xc10-cve20135446-logoff(87910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87910"
},
{
"name": "IC93164",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC93164"
},
{
"name": "IC96617",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96617"
}
]
}
}

120
2017/0xxx/CVE-2017-0324.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@nvidia.com", "ASSIGNER": "psirt@nvidia.com",
"ID" : "CVE-2017-0324", "ID": "CVE-2017-0324",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows GPU Display Driver", "product_name": "Windows GPU Display Driver",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All" "version_value": "All"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nvidia Corporation" "vendor_name": "Nvidia Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service, Escalation of Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" "lang": "eng",
} "value": "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service, Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398"
}
]
}
}

136
2017/0xxx/CVE-2017-0620.json
View File

@ -1,70 +1,70 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0620", "ID": "CVE-2017-0620",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.10" "version_value": "Kernel-3.10"
}, },
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-05-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-05-01" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711."
{ }
"name" : "98193", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98193" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "98193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98193"
}
]
}
}

142
2017/1000xxx/CVE-2017-1000002.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1000002", "ID": "CVE-2017-1000002",
"REQUESTER" : "mattd@bugfuzz.com", "REQUESTER": "mattd@bugfuzz.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ATutor", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.2.1" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ATutor" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55" "lang": "eng",
}, "value": "ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure."
{ }
"name" : "http://www.atutor.ca/atutor/mantis/view.php?id=5681", ]
"refsource" : "CONFIRM", },
"url" : "http://www.atutor.ca/atutor/mantis/view.php?id=5681" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99599", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99599" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99599"
},
{
"name": "http://www.atutor.ca/atutor/mantis/view.php?id=5681",
"refsource": "CONFIRM",
"url": "http://www.atutor.ca/atutor/mantis/view.php?id=5681"
},
{
"name": "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55",
"refsource": "CONFIRM",
"url": "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000089.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.310507", "DATE_ASSIGNED": "2017-08-22T17:29:33.310507",
"ID" : "CVE-2017-1000089", "ID": "CVE-2017-1000089",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins Pipeline: Build Step Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.5 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins Pipeline: Build Step Plugin" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2017-07-10/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2017-07-10/" "lang": "eng",
} "value": "Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2017-07-10/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-07-10/"
}
]
}
}

170
2017/12xxx/CVE-2017-12061.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12061", "ID": "CVE-2017-12061",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwall.com/lists/oss-security/2017/08/01/1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://openwall.com/lists/oss-security/2017/08/01/1" "lang": "eng",
}, "value": "An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP."
{ }
"name" : "http://openwall.com/lists/oss-security/2017/08/01/2", ]
"refsource" : "CONFIRM", },
"url" : "http://openwall.com/lists/oss-security/2017/08/01/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5" ]
}, },
{ "references": {
"name" : "https://mantisbt.org/bugs/view.php?id=23146", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://mantisbt.org/bugs/view.php?id=23146" "name": "http://openwall.com/lists/oss-security/2017/08/01/1",
}, "refsource": "CONFIRM",
{ "url": "http://openwall.com/lists/oss-security/2017/08/01/1"
"name" : "1039030", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039030" "name": "https://mantisbt.org/bugs/view.php?id=23146",
} "refsource": "CONFIRM",
] "url": "https://mantisbt.org/bugs/view.php?id=23146"
} },
} {
"name": "1039030",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039030"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/08/01/2",
"refsource": "CONFIRM",
"url": "http://openwall.com/lists/oss-security/2017/08/01/2"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5"
}
]
}
}

120
2017/12xxx/CVE-2017-12310.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12310", "ID": "CVE-2017-12310",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Spark Hybrid Calendar Service", "product_name": "Cisco Spark Hybrid Calendar Service",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Spark Hybrid Calendar Service" "version_value": "Cisco Spark Hybrid Calendar Service"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark" "lang": "eng",
} "value": "A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark"
}
]
}
}

132
2017/16xxx/CVE-2017-16010.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16010", "ID": "CVE-2017-16010",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "i18next node module", "product_name": "i18next node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : ">=2.0.0 <=3.4.3" "version_value": ">=2.0.0 <=3.4.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/i18next/i18next/pull/826", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/i18next/i18next/pull/826" "lang": "eng",
}, "value": "i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later."
{ }
"name" : "https://nodesecurity.io/advisories/326", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/326" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/i18next/i18next/pull/826",
"refsource": "MISC",
"url": "https://github.com/i18next/i18next/pull/826"
},
{
"name": "https://nodesecurity.io/advisories/326",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/326"
}
]
}
}

34
2017/16xxx/CVE-2017-16432.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-16432", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-16432",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4723.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4723", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4723",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4766.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4766", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4766",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4869.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4869", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4869",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

170
2017/4xxx/CVE-2017-4912.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@vmware.com", "ASSIGNER": "security@vmware.com",
"ID" : "CVE-2017-4912", "ID": "CVE-2017-4912",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Workstation", "product_name": "Workstation",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.x prior to 12.5.3" "version_value": "12.x prior to 12.5.3"
} }
] ]
} }
}, },
{ {
"product_name" : "Horizon View Client for Windows", "product_name": "Horizon View Client for Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.x prior to 4.4.0" "version_value": "4.x prior to 4.4.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "VMware" "vendor_name": "VMware"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read issues via Cortado ThinPrint"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vmware.com/security/advisories/VMSA-2017-0008.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" "lang": "eng",
}, "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View."
{ }
"name" : "97921", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97921" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038280", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038280" "lang": "eng",
}, "value": "Out-of-bounds read issues via Cortado ThinPrint"
{ }
"name" : "1038281", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038281" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1038281",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038281"
},
{
"name": "97921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97921"
},
{
"name": "1038280",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038280"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
}
]
}
}

34
2018/18xxx/CVE-2018-18275.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18275", "ID": "CVE-2018-18275",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/18xxx/CVE-2018-18926.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18926", "ID": "CVE-2018-18926",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/go-gitea/gitea/issues/5140", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/go-gitea/gitea/issues/5140" "lang": "eng",
} "value": "Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/go-gitea/gitea/issues/5140",
"refsource": "MISC",
"url": "https://github.com/go-gitea/gitea/issues/5140"
}
]
}
}

120
2018/5xxx/CVE-2018-5301.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5301", "ID": "CVE-2018-5301",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://magento.com/security/patches/magento-2010-and-212-security-update", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://magento.com/security/patches/magento-2010-and-212-security-update" "lang": "eng",
} "value": "Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/magento-2010-and-212-security-update",
"refsource": "CONFIRM",
"url": "https://magento.com/security/patches/magento-2010-and-212-security-update"
}
]
}
}

242
2018/5xxx/CVE-2018-5400.json
View File

@ -1,123 +1,123 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"DATE_PUBLIC" : "2018-10-01T04:00:00.000Z", "DATE_PUBLIC": "2018-10-01T04:00:00.000Z",
"ID" : "CVE-2018-5400", "ID": "CVE-2018-5400",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error" "TITLE": "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DCU-210E ", "product_name": "DCU-210E ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"platform" : "ARMv7", "platform": "ARMv7",
"version_name" : "3.7", "version_name": "3.7",
"version_value" : "3.7" "version_value": "3.7"
} }
] ]
} }
}, },
{ {
"product_name" : "RP-210E", "product_name": "RP-210E",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"platform" : "ARMv7", "platform": "ARMv7",
"version_name" : "3.7", "version_name": "3.7",
"version_value" : "3.7" "version_value": "3.7"
} }
] ]
} }
}, },
{ {
"product_name" : "Marine Pro Observer Android App", "product_name": "Marine Pro Observer Android App",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "?", "affected": "?",
"platform" : "android", "platform": "android",
"version_value" : "0.1" "version_value": "0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Auto-Maskin" "vendor_name": "Auto-Maskin"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 9.1,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-346: Origin Validation Error"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway"
"name" : "VU#176301", }
"refsource" : "CERT-VN", ],
"url" : "https://www.kb.cert.org/vuls/id/176301" "data_format": "MITRE",
} "data_type": "CVE",
] "data_version": "4.0",
}, "description": {
"solution" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The devices should implement Modbus TCP Security Protocol (v21, 2018) per Modbus specifications over port 802 TCP, for Modbus TCP with encryption and authentication. \n" "value": "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7."
} }
], ]
"source" : { },
"discovery" : "EXTERNAL" "impact": {
} "cvss": {
} "attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346: Origin Validation Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#176301",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/176301"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The devices should implement Modbus TCP Security Protocol (v21, 2018) per Modbus specifications over port 802 TCP, for Modbus TCP with encryption and authentication. \n"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

120
2018/5xxx/CVE-2018-5777.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5777", "ID": "CVE-2018-5777",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4" "lang": "eng",
} "value": "An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4",
"refsource": "CONFIRM",
"url": "https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4"
}
]
}
}