admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:39:11 +00:00
parent 788f2aaafb
commit 7cb4d730d7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3445 additions and 3445 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2001/0xxx/CVE-2001-0219.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0219",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX0101-137",
"refsource" : "HP",
"url" : "http://archives.neohapsis.com/archives/hp/2001-q1/0016.html"
},
{
"name" : "hp-stm-dos(5957)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5957"
},
{
"name" : "2239",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2239"
},
{
"name" : "6991",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6991"
},
{
"name" : "7029",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/7029"
},
{
"name" : "7030",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/7030"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2239"
},
{
"name": "HPSBUX0101-137",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2001-q1/0016.html"
},
{
"name": "7030",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7030"
},
{
"name": "6991",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6991"
},
{
"name": "7029",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7029"
},
{
"name": "hp-stm-dos(5957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5957"
}
]
}
}

140
2001/0xxx/CVE-2001-0238.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0238",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS01-022",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-022"
},
{
"name" : "L-074",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/l-074.shtml"
},
{
"name" : "ms-dacipp-webdav-access(6405)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "L-074",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/l-074.shtml"
},
{
"name": "MS01-022",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-022"
},
{
"name": "ms-dacipp-webdav-access(6405)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6405"
}
]
}
}

150
2001/0xxx/CVE-2001-0558.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010507 Advisory for Jana server",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html"
},
{
"name" : "jana-server-device-dos(6521)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6521"
},
{
"name" : "2704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2704"
},
{
"name" : "1817",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/1817"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010507 Advisory for Jana server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html"
},
{
"name": "2704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2704"
},
{
"name": "jana-server-device-dos(6521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6521"
},
{
"name": "1817",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1817"
}
]
}
}

140
2001/0xxx/CVE-2001-0585.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010320 def-2001-13: NTMail Web Services DoS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html"
},
{
"name" : "2494",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2494"
},
{
"name" : "ntmail-long-url-dos(6249)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6249"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2494"
},
{
"name": "ntmail-long-url-dos(6249)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6249"
},
{
"name": "20010320 def-2001-13: NTMail Web Services DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html"
}
]
}
}

140
2001/0xxx/CVE-2001-0745.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010605 SECURITY.NNOV: Netscape 4.7x Messanger user information retrival",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0014.html"
},
{
"name" : "netscape-user-info-retrieval(7417)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7417"
},
{
"name" : "5543",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5543"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010605 SECURITY.NNOV: Netscape 4.7x Messanger user information retrival",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0014.html"
},
{
"name": "netscape-user-info-retrieval(7417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7417"
},
{
"name": "5543",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5543"
}
]
}
}

200
2001/0xxx/CVE-2001-0877.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=100887440810532&w=2"
},
{
"name" : "20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=100887271006313&w=2"
},
{
"name" : "20020109 UPNP Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/249238"
},
{
"name" : "MS01-059",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-059"
},
{
"name" : "CA-2001-37",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2001-37.html"
},
{
"name" : "VU#411059",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/411059"
},
{
"name" : "M-030",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/m-030.shtml"
},
{
"name" : "3724",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3724"
},
{
"name" : "win-upnp-udp-dos(7722)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7722"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#411059",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/411059"
},
{
"name": "M-030",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-030.shtml"
},
{
"name": "20020109 UPNP Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/249238"
},
{
"name": "20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=100887271006313&w=2"
},
{
"name": "20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=100887440810532&w=2"
},
{
"name": "CA-2001-37",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-37.html"
},
{
"name": "win-upnp-udp-dos(7722)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7722"
},
{
"name": "MS01-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-059"
},
{
"name": "3724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3724"
}
]
}
}

130
2001/0xxx/CVE-2001-0892.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0892",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=100568999726036&w=2"
},
{
"name" : "http://www.acme.com/software/thttpd/",
"refsource" : "CONFIRM",
"url" : "http://www.acme.com/software/thttpd/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=100568999726036&w=2"
},
{
"name": "http://www.acme.com/software/thttpd/",
"refsource": "CONFIRM",
"url": "http://www.acme.com/software/thttpd/"
}
]
}
}

160
2006/2xxx/CVE-2006-2295.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote attackers to access arbitrary files via an absolute path in the pfad parameter to (1) index.php and (2) galerie.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html",
"refsource" : "MISC",
"url" : "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html"
},
{
"name" : "17896",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17896"
},
{
"name" : "ADV-2006-1699",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1699"
},
{
"name" : "19995",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19995"
},
{
"name" : "dynamicgalerie-multiple-path-disclosure(26322)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26322"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote attackers to access arbitrary files via an absolute path in the pfad parameter to (1) index.php and (2) galerie.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1699",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1699"
},
{
"name": "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html",
"refsource": "MISC",
"url": "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html"
},
{
"name": "17896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17896"
},
{
"name": "19995",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19995"
},
{
"name": "dynamicgalerie-multiple-path-disclosure(26322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26322"
}
]
}
}

450
2006/2xxx/CVE-2006-2314.json
View File

@ -1,227 +1,227 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the \"\\\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of \"Encoding-Based SQL Injection.\" NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060523 PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435038/100/0/threaded"
},
{
"name" : "20060524 rPSA-2006-0080-1 postgresql postgresql-server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435161/100/0/threaded"
},
{
"name" : "[pgsql-announce] 20060523 Security Releases for All Active Versions",
"refsource" : "MLIST",
"url" : "http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php"
},
{
"name" : "http://www.postgresql.org/docs/techdocs.50",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/techdocs.50"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm"
},
{
"name" : "DSA-1087",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1087"
},
{
"name" : "GLSA-200607-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200607-04.xml"
},
{
"name" : "MDKSA-2006:098",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:098"
},
{
"name" : "RHSA-2006:0526",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0526.html"
},
{
"name" : "20060602-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"
},
{
"name" : "SUSE-SA:2006:030",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html"
},
{
"name" : "SUSE-SR:2006:021",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
},
{
"name" : "2006-0032",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0032/"
},
{
"name" : "USN-288-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/288-1/"
},
{
"name" : "USN-288-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-288-2"
},
{
"name" : "USN-288-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-288-3"
},
{
"name" : "18092",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18092"
},
{
"name" : "oval:org.mitre.oval:def:9947",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9947"
},
{
"name" : "ADV-2006-1941",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1941"
},
{
"name" : "25731",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25731"
},
{
"name" : "1016142",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016142"
},
{
"name" : "20231",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20231"
},
{
"name" : "20232",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20232"
},
{
"name" : "20314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20314"
},
{
"name" : "20435",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20435"
},
{
"name" : "20451",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20451"
},
{
"name" : "20503",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20503"
},
{
"name" : "20555",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20555"
},
{
"name" : "20782",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20782"
},
{
"name" : "21001",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21001"
},
{
"name" : "21749",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21749"
},
{
"name" : "20653",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20653"
},
{
"name" : "postgresql-ascii-sql-injection(26628)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26628"
},
{
"name" : "postgresql-multibyte-sql-injection(26627)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26627"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the \"\\\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of \"Encoding-Based SQL Injection.\" NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "postgresql-ascii-sql-injection(26628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26628"
},
{
"name": "GLSA-200607-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200607-04.xml"
},
{
"name": "20435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20435"
},
{
"name": "18092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18092"
},
{
"name": "20503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20503"
},
{
"name": "20451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20451"
},
{
"name": "21001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21001"
},
{
"name": "http://www.postgresql.org/docs/techdocs.50",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/techdocs.50"
},
{
"name": "20231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20231"
},
{
"name": "20653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20653"
},
{
"name": "SUSE-SA:2006:030",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html"
},
{
"name": "21749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21749"
},
{
"name": "25731",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25731"
},
{
"name": "20782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20782"
},
{
"name": "RHSA-2006:0526",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0526.html"
},
{
"name": "2006-0032",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0032/"
},
{
"name": "20060602-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"
},
{
"name": "ADV-2006-1941",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1941"
},
{
"name": "20060524 rPSA-2006-0080-1 postgresql postgresql-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435161/100/0/threaded"
},
{
"name": "20232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20232"
},
{
"name": "20060523 PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435038/100/0/threaded"
},
{
"name": "USN-288-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/288-1/"
},
{
"name": "MDKSA-2006:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:098"
},
{
"name": "SUSE-SR:2006:021",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm"
},
{
"name": "postgresql-multibyte-sql-injection(26627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26627"
},
{
"name": "oval:org.mitre.oval:def:9947",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9947"
},
{
"name": "20555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20555"
},
{
"name": "[pgsql-announce] 20060523 Security Releases for All Active Versions",
"refsource": "MLIST",
"url": "http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php"
},
{
"name": "1016142",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016142"
},
{
"name": "USN-288-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-288-3"
},
{
"name": "USN-288-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-288-2"
},
{
"name": "20314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20314"
},
{
"name": "DSA-1087",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1087"
}
]
}
}

34
2006/2xxx/CVE-2006-2657.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2657",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-3017. Reason: This candidate is a reservation duplicate of CVE-2006-3017. Notes: All CVE users should reference CVE-2006-3017 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-2657",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-3017. Reason: This candidate is a reservation duplicate of CVE-2006-3017. Notes: All CVE users should reference CVE-2006-3017 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

150
2006/2xxx/CVE-2006-2970.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060609 TinyMuw v1.0 - XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436640/100/0/threaded"
},
{
"name" : "ADV-2006-2310",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2310"
},
{
"name" : "1091",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1091"
},
{
"name" : "tinymuw-videopage-path-disclosure(27155)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060609 TinyMuw v1.0 - XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436640/100/0/threaded"
},
{
"name": "tinymuw-videopage-path-disclosure(27155)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27155"
},
{
"name": "ADV-2006-2310",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2310"
},
{
"name": "1091",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1091"
}
]
}
}

190
2006/6xxx/CVE-2006-6276.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "102733",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
},
{
"name" : "21371",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21371"
},
{
"name" : "ADV-2006-4793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4793"
},
{
"name" : "1017322",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017322"
},
{
"name" : "1017323",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017323"
},
{
"name" : "1017324",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017324"
},
{
"name" : "23186",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23186"
},
{
"name" : "sunserver-proxy-csrf(30662)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102733",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
},
{
"name": "23186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23186"
},
{
"name": "1017324",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017324"
},
{
"name": "sunserver-proxy-csrf(30662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
},
{
"name": "ADV-2006-4793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4793"
},
{
"name": "21371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21371"
},
{
"name": "1017323",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017323"
},
{
"name": "1017322",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017322"
}
]
}
}

190
2006/6xxx/CVE-2006-6345.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061205 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453561/100/0/threaded"
},
{
"name" : "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Arbitrary_File_Removal.pdf",
"refsource" : "MISC",
"url" : "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Arbitrary_File_Removal.pdf"
},
{
"name" : "21449",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21449"
},
{
"name" : "ADV-2006-4863",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4863"
},
{
"name" : "1017342",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017342"
},
{
"name" : "23262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23262"
},
{
"name" : "1986",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1986"
},
{
"name" : "sap-http-file-deletion(30765)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30765"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21449"
},
{
"name": "sap-http-file-deletion(30765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30765"
},
{
"name": "ADV-2006-4863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4863"
},
{
"name": "23262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23262"
},
{
"name": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Arbitrary_File_Removal.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Arbitrary_File_Removal.pdf"
},
{
"name": "1986",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1986"
},
{
"name": "1017342",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017342"
},
{
"name": "20061205 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453561/100/0/threaded"
}
]
}
}

150
2011/2xxx/CVE-2011-2211.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2211",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform uses an incorrect pointer, which allows local users to gain privileges by writing a certain integer value to kernel memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110615 Re: CVE request: kernel: alpha: fix several security issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/15/7"
},
{
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4",
"refsource" : "CONFIRM",
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21c5977a836e399fc710ff2c5367845ed5c2527f",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21c5977a836e399fc710ff2c5367845ed5c2527f"
},
{
"name" : "https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform uses an incorrect pointer, which allows local users to gain privileges by writing a certain integer value to kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4"
},
{
"name": "[oss-security] 20110615 Re: CVE request: kernel: alpha: fix several security issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/15/7"
},
{
"name": "https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21c5977a836e399fc710ff2c5367845ed5c2527f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21c5977a836e399fc710ff2c5367845ed5c2527f"
}
]
}
}

130
2011/2xxx/CVE-2011-2478.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2478",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://technet.microsoft.com/en-us/security/msvr/msvr11-006",
"refsource" : "MISC",
"url" : "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"name" : "http://support.google.com/sketchup/bin/static.py?hl=en&page=release_notes.cs&rd=1",
"refsource" : "CONFIRM",
"url" : "http://support.google.com/sketchup/bin/static.py?hl=en&page=release_notes.cs&rd=1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006",
"refsource": "MISC",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"name": "http://support.google.com/sketchup/bin/static.py?hl=en&page=release_notes.cs&rd=1",
"refsource": "CONFIRM",
"url": "http://support.google.com/sketchup/bin/static.py?hl=en&page=release_notes.cs&rd=1"
}
]
}
}

140
2011/2xxx/CVE-2011-2733.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2733",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2011-2733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110816 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/519346/100/0/threaded"
},
{
"name" : "49574",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49574"
},
{
"name" : "8344",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8344"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49574"
},
{
"name": "20110816 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519346/100/0/threaded"
},
{
"name": "8344",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8344"
}
]
}
}

160
2011/2xxx/CVE-2011-2917.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18110",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18110"
},
{
"name" : "[oss-security] 20110812 Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/08/12/6"
},
{
"name" : "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection",
"refsource" : "MISC",
"url" : "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection"
},
{
"name" : "49130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49130"
},
{
"name" : "74502",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/74502"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49130"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection"
},
{
"name": "[oss-security] 20110812 Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/08/12/6"
},
{
"name": "18110",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18110"
},
{
"name": "74502",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/74502"
}
]
}
}

180
2011/3xxx/CVE-2011-3439.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5052",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5052"
},
{
"name" : "APPLE-SA-2011-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html"
},
{
"name" : "SUSE-SU-2011:1307",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html"
},
{
"name" : "openSUSE-SU-2012:0015",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html"
},
{
"name" : "openSUSE-SU-2012:0047",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html"
},
{
"name" : "46921",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46921"
},
{
"name" : "48951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48951"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html"
},
{
"name": "SUSE-SU-2011:1307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html"
},
{
"name": "openSUSE-SU-2012:0047",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html"
},
{
"name": "APPLE-SA-2011-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT5052",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5052"
},
{
"name": "46921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46921"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
}
]
}
}

150
2011/3xxx/CVE-2011-3774.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3774",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Easy-Survey-Package-2.1.1",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Easy-Survey-Package-2.1.1"
},
{
"name" : "phpesp-landing-path-disclosure(70546)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70546"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpesp-landing-path-disclosure(70546)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70546"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Easy-Survey-Package-2.1.1",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Easy-Survey-Package-2.1.1"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

140
2011/4xxx/CVE-2011-4163.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-4163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU02731",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132517846332173&w=2"
},
{
"name" : "SSRT100518",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132517846332173&w=2"
},
{
"name" : "51205",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51205"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100518",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132517846332173&w=2"
},
{
"name": "HPSBMU02731",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132517846332173&w=2"
},
{
"name": "51205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51205"
}
]
}
}

34
2011/4xxx/CVE-2011-4200.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4200",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4200",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2011/4xxx/CVE-2011-4255.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://service.real.com/realplayer/security/11182011_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/11182011_player/en/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/11182011_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/11182011_player/en/"
}
]
}
}

140
2011/4xxx/CVE-2011-4283.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4283",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/11/14/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=6fde0dac702b3d0954bd1c34d427944e9cd89ae6",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=6fde0dac702b3d0954bd1c34d427944e9cd89ae6"
},
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=170009",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=170009"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/11/14/1"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=170009",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=170009"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=6fde0dac702b3d0954bd1c34d427944e9cd89ae6",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=6fde0dac702b3d0954bd1c34d427944e9cd89ae6"
}
]
}
}

130
2011/4xxx/CVE-2011-4757.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4757",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html",
"refsource" : "MISC",
"url" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html"
},
{
"name" : "ppsbp-autocomplete-security-bypass(72209)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72209"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ppsbp-autocomplete-security-bypass(72209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72209"
},
{
"name": "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html"
}
]
}
}

160
2013/1xxx/CVE-2013-1063.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2013-1063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2"
},
{
"name" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2"
},
{
"name" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1"
},
{
"name" : "USN-1963-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1963-1"
},
{
"name" : "54901",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54901"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1963-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1963-1"
},
{
"name": "54901",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54901"
},
{
"name": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2"
},
{
"name": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1"
},
{
"name": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2"
}
]
}
}

130
2013/1xxx/CVE-2013-1499.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-1499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

130
2013/1xxx/CVE-2013-1545.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1545",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors related to Web Listener."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-1545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors related to Web Listener."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

170
2013/1xxx/CVE-2013-1978.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=953902",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=953902"
},
{
"name" : "DSA-2813",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2813"
},
{
"name" : "GLSA-201603-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-01"
},
{
"name" : "RHSA-2013:1778",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
},
{
"name" : "USN-2051-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2051-1"
},
{
"name" : "64098",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64098"
},
{
"name": "RHSA-2013:1778",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
},
{
"name": "GLSA-201603-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-01"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=953902",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=953902"
},
{
"name": "DSA-2813",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2813"
},
{
"name": "USN-2051-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2051-1"
}
]
}
}

130
2013/5xxx/CVE-2013-5097.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kb.juniper.net/JSA10585",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/JSA10585"
},
{
"name" : "1028923",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028923"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.juniper.net/JSA10585",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/JSA10585"
},
{
"name": "1028923",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028923"
}
]
}
}

180
2013/5xxx/CVE-2013-5419.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc"
},
{
"name" : "IV47427",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV47427"
},
{
"name" : "IV47428",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV47428"
},
{
"name" : "IV47429",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV47429"
},
{
"name" : "IV47430",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV47430"
},
{
"name" : "oval:org.mitre.oval:def:18775",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18775"
},
{
"name" : "aix-printer-cve20135419-bo(87481)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV47429",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV47429"
},
{
"name": "IV47427",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV47427"
},
{
"name": "oval:org.mitre.oval:def:18775",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18775"
},
{
"name": "aix-printer-cve20135419-bo(87481)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87481"
},
{
"name": "IV47428",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV47428"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc"
},
{
"name": "IV47430",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV47430"
}
]
}
}

170
2013/5xxx/CVE-2013-5880.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64836",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64836"
},
{
"name" : "102095",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102095"
},
{
"name" : "1029620",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029620"
},
{
"name" : "56474",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56474"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102095",
"refsource": "OSVDB",
"url": "http://osvdb.org/102095"
},
{
"name": "1029620",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029620"
},
{
"name": "56474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56474"
},
{
"name": "64836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64836"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}

120
2013/5xxx/CVE-2013-5912.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5912",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#893462",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/893462"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#893462",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/893462"
}
]
}
}

34
2013/5xxx/CVE-2013-5923.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5923",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5923",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2013/5xxx/CVE-2013-5995.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5995",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-5995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svn.ec-cube.net/open_trac/changeset/23274",
"refsource" : "CONFIRM",
"url" : "http://svn.ec-cube.net/open_trac/changeset/23274"
},
{
"name" : "http://www.ec-cube.net/info/weakness/weakness.php?id=51",
"refsource" : "CONFIRM",
"url" : "http://www.ec-cube.net/info/weakness/weakness.php?id=51"
},
{
"name" : "JVN#55630933",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN55630933/index.html"
},
{
"name" : "JVNDB-2013-000106",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#55630933",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN55630933/index.html"
},
{
"name": "JVNDB-2013-000106",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=51",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/23274",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/23274"
}
]
}
}

34
2014/2xxx/CVE-2014-2271.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2271",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2271",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/2xxx/CVE-2014-2802.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2802",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2806."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name" : "68384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68384"
},
{
"name" : "1030532",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030532"
},
{
"name" : "59775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59775"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2806."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
},
{
"name": "59775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59775"
},
{
"name": "68384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68384"
},
{
"name": "1030532",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030532"
}
]
}
}

122
2017/0xxx/CVE-2017-0671.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-07-05T00:00:00",
"ID" : "CVE-2017-0671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-4.4.4"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-07-05T00:00:00",
"ID": "CVE-2017-0671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-4.4.4"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
}
]
}
}

174
2017/0xxx/CVE-2017-0767.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00",
"ID" : "CVE-2017-0767",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "4.4.4"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "5.1.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-09-05T00:00:00",
"ID": "CVE-2017-0767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "4.4.4"
},
{
"version_value": "5.0.2"
},
{
"version_value": "5.1.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name" : "100649",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100649"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100649"
},
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000144.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.355678",
"ID" : "CVE-2017-1000144",
"REQUESTER" : "info@mahara.org",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mahara",
"version" : {
"version_data" : [
{
"version_value" : "<1.9.6, <1.10.4, <15.04.1"
}
]
}
}
]
},
"vendor_name" : "Mahara"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.355678",
"ID": "CVE-2017-1000144",
"REQUESTER": "info@mahara.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/mahara/+bug/1447377",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/mahara/+bug/1447377"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/mahara/+bug/1447377",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/mahara/+bug/1447377"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000388.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-11-17",
"ID" : "CVE-2017-1000388",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Dependency Graph Viewer Plugin",
"version" : {
"version_data" : [
{
"version_value" : "0.12 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins Dependency Graph Viewer Plugin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-11-17",
"ID": "CVE-2017-1000388",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2017-10-23/",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2017-10-23/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2017-10-23/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-10-23/"
}
]
}
}

34
2017/12xxx/CVE-2017-12054.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12054",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12054",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/16xxx/CVE-2017-16433.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16433",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-16433",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

120
2017/16xxx/CVE-2017-16641.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16641",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Cacti/cacti/issues/1057",
"refsource" : "CONFIRM",
"url" : "https://github.com/Cacti/cacti/issues/1057"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Cacti/cacti/issues/1057",
"refsource": "CONFIRM",
"url": "https://github.com/Cacti/cacti/issues/1057"
}
]
}
}

34
2017/16xxx/CVE-2017-16676.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16676",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16676",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2017/1xxx/CVE-2017-1174.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-09T00:00:00",
"ID" : "CVE-2017-1174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "5.2"
},
{
"version_value" : "5.2.4"
},
{
"version_value" : "5.2.1"
},
{
"version_value" : "5.2.2"
},
{
"version_value" : "5.2.3"
},
{
"version_value" : "5.2.5"
},
{
"version_value" : "5.2.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-09T00:00:00",
"ID": "CVE-2017-1174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "5.2"
},
{
"version_value": "5.2.4"
},
{
"version_value": "5.2.1"
},
{
"version_value": "5.2.2"
},
{
"version_value": "5.2.3"
},
{
"version_value": "5.2.5"
},
{
"version_value": "5.2.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123296",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123296"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004268",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004268"
},
{
"name" : "100246",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100246"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004268",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004268"
},
{
"name": "100246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100246"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123296",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123296"
}
]
}
}

34
2017/1xxx/CVE-2017-1702.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1702",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1702",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/4xxx/CVE-2017-4138.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4138",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4138",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4415.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4415",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4415",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4424.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4424",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4424",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

142
2017/4xxx/CVE-2017-4919.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@vmware.com",
"DATE_PUBLIC" : "2017-07-27T00:00:00",
"ID" : "CVE-2017-4919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VMware vCenter Server",
"version" : {
"version_data" : [
{
"version_value" : "VMware vCenter Server 5.5.x, 6.0.x, 6.5.x"
}
]
}
}
]
},
"vendor_name" : "VMware"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unauthorized Access Heap buffer-overflow vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2017-07-27T00:00:00",
"ID": "CVE-2017-4919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server 5.5.x, 6.0.x, 6.5.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2017-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2017-0012.html"
},
{
"name" : "100102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100102"
},
{
"name" : "1039004",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized Access Heap buffer-overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039004"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0012.html"
},
{
"name": "100102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100102"
}
]
}
}

140
2018/5xxx/CVE-2018-5053.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-5053",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-5053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"name" : "104699",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104699"
},
{
"name" : "1041250",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"name": "104699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104699"
},
{
"name": "1041250",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041250"
}
]
}
}

130
2018/5xxx/CVE-2018-5658.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md",
"refsource" : "MISC",
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/9010",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/9010"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9010",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9010"
},
{
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
}
]
}
}

122
2018/5xxx/CVE-2018-5849.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-05-11T00:00:00",
"ID" : "CVE-2018-5849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in QTEE"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-05-11T00:00:00",
"ID": "CVE-2018-5849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2",
"refsource" : "MISC",
"url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in QTEE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2",
"refsource": "MISC",
"url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
]
}
}