admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:30:09 +00:00
parent af6a641ade
commit 86ae2c7e2a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 3775 additions and 3775 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2001/0xxx/CVE-2001-0587.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010327 SCO 5.0.6 MMDF issues (deliver) ",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0418.html"
},
{
"name" : "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes",
"refsource" : "BUGTRAQ",
"url" : "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html"
},
{
"name" : "sco-openserver-deliver-bo(6302)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6302"
},
{
"name" : "2583",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2583"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "20010327 SCO 5.0.6 MMDF issues (deliver)",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0418.html"
},
{
"name": "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes",
"refsource": "BUGTRAQ",
"url": "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html"
},
{
"name": "sco-openserver-deliver-bo(6302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6302"
},
{
"name": "2583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2583"
}
]
}
}

34
2001/0xxx/CVE-2001-0725.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0725",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0725",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2001/1xxx/CVE-2001-1101.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010908 Bug in remote GUI access in CheckPoint Firewall",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/212826"
},
{
"name" : "fw1-log-file-overwrite(7095)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7095"
},
{
"name" : "3303",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3303"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010908 Bug in remote GUI access in CheckPoint Firewall",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/212826"
},
{
"name": "3303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3303"
},
{
"name": "fw1-log-file-overwrite(7095)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7095"
}
]
}
}

130
2001/1xxx/CVE-2001-1477.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1477",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp",
"refsource" : "CONFIRM",
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp"
},
{
"name" : "bea-tuxedo-remote-access(6326)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6326"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp",
"refsource": "CONFIRM",
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp"
},
{
"name": "bea-tuxedo-remote-access(6326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6326"
}
]
}
}

160
2001/1xxx/CVE-2001-1582.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010626 Solaris 8 libsldap buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2001/Jun/0365.html"
},
{
"name" : "20010705 Solaris 8 libsldap exploit",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2001/Jul/0077.html"
},
{
"name" : "20010706 Re: Solaris 8 libsldap exploit",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2001/Jul/0091.html"
},
{
"name" : "http://www.securiteam.com/unixfocus/5IP0O2A4KS.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/unixfocus/5IP0O2A4KS.html"
},
{
"name" : "2931",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2931"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010706 Re: Solaris 8 libsldap exploit",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2001/Jul/0091.html"
},
{
"name": "2931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2931"
},
{
"name": "20010626 Solaris 8 libsldap buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2001/Jun/0365.html"
},
{
"name": "20010705 Solaris 8 libsldap exploit",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2001/Jul/0077.html"
},
{
"name": "http://www.securiteam.com/unixfocus/5IP0O2A4KS.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5IP0O2A4KS.html"
}
]
}
}

210
2006/2xxx/CVE-2006-2389.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka \"Microsoft Office Property Vulnerability,\" a different vulnerability than CVE-2006-1316."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-2389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS06-038",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038"
},
{
"name" : "TA06-192A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
},
{
"name" : "VU#409316",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/409316"
},
{
"name" : "18911",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18911"
},
{
"name" : "ADV-2006-2756",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2756"
},
{
"name" : "27149",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27149"
},
{
"name" : "oval:org.mitre.oval:def:279",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A279"
},
{
"name" : "1016469",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016469"
},
{
"name" : "21012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21012"
},
{
"name" : "office-property-string-bo(27609)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka \"Microsoft Office Property Vulnerability,\" a different vulnerability than CVE-2006-1316."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21012"
},
{
"name": "ADV-2006-2756",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2756"
},
{
"name": "MS06-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038"
},
{
"name": "18911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18911"
},
{
"name": "VU#409316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/409316"
},
{
"name": "office-property-string-bo(27609)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27609"
},
{
"name": "27149",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27149"
},
{
"name": "1016469",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016469"
},
{
"name": "TA06-192A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
},
{
"name": "oval:org.mitre.oval:def:279",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A279"
}
]
}
}

180
2006/2xxx/CVE-2006-2549.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060524 VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434992/30/4770/threaded"
},
{
"name" : "20060523 VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Overflow",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046292.html"
},
{
"name" : "http://www.vsecurity.com/bulletins/advisories/2006/pdf-form-filling.txt",
"refsource" : "MISC",
"url" : "http://www.vsecurity.com/bulletins/advisories/2006/pdf-form-filling.txt"
},
{
"name" : "ADV-2006-1960",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1960"
},
{
"name" : "25902",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25902"
},
{
"name" : "20233",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20233"
},
{
"name" : "pdf-formfilling-flattening-bo(26604)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060523 VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046292.html"
},
{
"name": "25902",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25902"
},
{
"name": "ADV-2006-1960",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1960"
},
{
"name": "pdf-formfilling-flattening-bo(26604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26604"
},
{
"name": "http://www.vsecurity.com/bulletins/advisories/2006/pdf-form-filling.txt",
"refsource": "MISC",
"url": "http://www.vsecurity.com/bulletins/advisories/2006/pdf-form-filling.txt"
},
{
"name": "20060524 VSR Advisory: PDF Tools AG - PDF Form Filling and Flattening Tool Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434992/30/4770/threaded"
},
{
"name": "20233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20233"
}
]
}
}

170
2006/2xxx/CVE-2006-2847.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2847",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435735/100/0/threaded"
},
{
"name" : "1859",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1859"
},
{
"name" : "18235",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18235"
},
{
"name" : "ADV-2006-2114",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2114"
},
{
"name" : "20419",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20419"
},
{
"name" : "aspweblinks-links-sql-injection(26937)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26937"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aspweblinks-links-sql-injection(26937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26937"
},
{
"name": "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435735/100/0/threaded"
},
{
"name": "1859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1859"
},
{
"name": "20419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20419"
},
{
"name": "ADV-2006-2114",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2114"
},
{
"name": "18235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18235"
}
]
}
}

170
2006/6xxx/CVE-2006-6136.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6136",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during \"registering of response operation,\" which has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830"
},
{
"name" : "PK29847",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK29847&apar=only"
},
{
"name" : "21204",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21204"
},
{
"name" : "ADV-2006-4639",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4639"
},
{
"name" : "23028",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23028"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during \"registering of response operation,\" which has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951"
},
{
"name": "23028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23028"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830"
},
{
"name": "PK29847",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK29847&apar=only"
},
{
"name": "21204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21204"
},
{
"name": "ADV-2006-4639",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4639"
}
]
}
}

150
2006/6xxx/CVE-2006-6286.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6286",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "21382",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21382/info"
},
{
"name" : "ADV-2006-4803",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4803"
},
{
"name" : "23072",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23072"
},
{
"name" : "palmdesktop-files-insecure-permission(30657)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30657"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "palmdesktop-files-insecure-permission(30657)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30657"
},
{
"name": "23072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23072"
},
{
"name": "ADV-2006-4803",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4803"
},
{
"name": "21382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21382/info"
}
]
}
}

160
2006/6xxx/CVE-2006-6582.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password (password) fields in a login action in members/default.asp, and (3) the Search box. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hackerscenter.com/archive/view.asp?id=26656",
"refsource" : "MISC",
"url" : "http://www.hackerscenter.com/archive/view.asp?id=26656"
},
{
"name" : "ADV-2006-5025",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5025"
},
{
"name" : "1017384",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017384"
},
{
"name" : "23372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23372"
},
{
"name" : "scriptmate-default-xss(30901)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30901"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password (password) fields in a login action in members/default.asp, and (3) the Search box. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hackerscenter.com/archive/view.asp?id=26656",
"refsource": "MISC",
"url": "http://www.hackerscenter.com/archive/view.asp?id=26656"
},
{
"name": "scriptmate-default-xss(30901)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30901"
},
{
"name": "23372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23372"
},
{
"name": "ADV-2006-5025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5025"
},
{
"name": "1017384",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017384"
}
]
}
}

190
2006/6xxx/CVE-2006-6965.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6965",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sla.ckers.org/forum/read.php?3,880,1361#msg-1361",
"refsource" : "MISC",
"url" : "http://sla.ckers.org/forum/read.php?3,880,1361#msg-1361"
},
{
"name" : "GLSA-200704-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200704-08.xml"
},
{
"name" : "22236",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22236"
},
{
"name" : "ADV-2007-0357",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0357"
},
{
"name" : "31620",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/31620"
},
{
"name" : "23926",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23926"
},
{
"name" : "24853",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24853"
},
{
"name" : "dokuwiki-fetch-response-splitting(31930)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31620",
"refsource": "OSVDB",
"url": "http://osvdb.org/31620"
},
{
"name": "http://sla.ckers.org/forum/read.php?3,880,1361#msg-1361",
"refsource": "MISC",
"url": "http://sla.ckers.org/forum/read.php?3,880,1361#msg-1361"
},
{
"name": "24853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24853"
},
{
"name": "23926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23926"
},
{
"name": "22236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22236"
},
{
"name": "dokuwiki-fetch-response-splitting(31930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31930"
},
{
"name": "ADV-2007-0357",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0357"
},
{
"name": "GLSA-200704-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-08.xml"
}
]
}
}

270
2006/7xxx/CVE-2006-7179.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7179",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070423 FLEA-2007-0012-1: madwifi",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466689/30/6900/threaded"
},
{
"name" : "http://dev.lintrack.org/ticket/101",
"refsource" : "MISC",
"url" : "http://dev.lintrack.org/ticket/101"
},
{
"name" : "http://madwifi.org/ticket/963",
"refsource" : "CONFIRM",
"url" : "http://madwifi.org/ticket/963"
},
{
"name" : "http://madwifi.org/wiki/Releases/0.9.3",
"refsource" : "CONFIRM",
"url" : "http://madwifi.org/wiki/Releases/0.9.3"
},
{
"name" : "GLSA-200704-15",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200704-15.xml"
},
{
"name" : "MDKSA-2007:082",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:082"
},
{
"name" : "SUSE-SR:2007:014",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
},
{
"name" : "USN-479-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-479-1"
},
{
"name" : "23436",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23436"
},
{
"name" : "ADV-2007-1187",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1187"
},
{
"name" : "34645",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34645"
},
{
"name" : "24670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24670"
},
{
"name" : "24841",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24841"
},
{
"name" : "24931",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24931"
},
{
"name" : "25861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25861"
},
{
"name" : "26083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26083"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-479-1"
},
{
"name": "MDKSA-2007:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:082"
},
{
"name": "23436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23436"
},
{
"name": "24670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24670"
},
{
"name": "24931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24931"
},
{
"name": "26083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26083"
},
{
"name": "ADV-2007-1187",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1187"
},
{
"name": "SUSE-SR:2007:014",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
},
{
"name": "34645",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34645"
},
{
"name": "http://madwifi.org/wiki/Releases/0.9.3",
"refsource": "CONFIRM",
"url": "http://madwifi.org/wiki/Releases/0.9.3"
},
{
"name": "24841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24841"
},
{
"name": "http://madwifi.org/ticket/963",
"refsource": "CONFIRM",
"url": "http://madwifi.org/ticket/963"
},
{
"name": "20070423 FLEA-2007-0012-1: madwifi",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466689/30/6900/threaded"
},
{
"name": "GLSA-200704-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-15.xml"
},
{
"name": "25861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25861"
},
{
"name": "http://dev.lintrack.org/ticket/101",
"refsource": "MISC",
"url": "http://dev.lintrack.org/ticket/101"
}
]
}
}

170
2011/0xxx/CVE-2011-0163.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified \"cached resources,\" which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4564",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4564"
},
{
"name" : "http://support.apple.com/kb/HT4566",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4566"
},
{
"name" : "APPLE-SA-2011-03-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name" : "APPLE-SA-2011-03-09-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name" : "1025182",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025182"
},
{
"name" : "appleios-cache-dos(66001)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified \"cached resources,\" which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4564",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4564"
},
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name": "appleios-cache-dos(66001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66001"
},
{
"name": "1025182",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025182"
}
]
}
}

540
2011/0xxx/CVE-2011-0419.json
View File

@ -1,272 +1,272 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110512 Multiple Vendors libc/fnmatch(3) DoS (incl apache)",
"refsource" : "SREASONRES",
"url" : "http://securityreason.com/achievement_securityalert/98"
},
{
"name" : "[dev] 20110510 Re: Apache Portable Runtime 1.4.4 [...] Released",
"refsource" : "MLIST",
"url" : "http://www.mail-archive.com/dev@apr.apache.org/msg23961.html"
},
{
"name" : "[dev] 20110510 Re: fnmatch rewrite in apr, apr 1.4.3",
"refsource" : "MLIST",
"url" : "http://www.mail-archive.com/dev@apr.apache.org/msg23960.html"
},
{
"name" : "[dev] 20110511 Re: Apache Portable Runtime 1.4.4 [...] Released",
"refsource" : "MLIST",
"url" : "http://www.mail-archive.com/dev@apr.apache.org/msg23976.html"
},
{
"name" : "http://cxib.net/stuff/apache.fnmatch.phps",
"refsource" : "MISC",
"url" : "http://cxib.net/stuff/apache.fnmatch.phps"
},
{
"name" : "http://cxib.net/stuff/apr_fnmatch.txts",
"refsource" : "MISC",
"url" : "http://cxib.net/stuff/apr_fnmatch.txts"
},
{
"name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22",
"refsource" : "CONFIRM",
"url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22"
},
{
"name" : "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource" : "CONFIRM",
"url" : "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name" : "http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1098188",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1098188"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1098799",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1098799"
},
{
"name" : "http://www.apache.org/dist/apr/Announcement1.x.html",
"refsource" : "CONFIRM",
"url" : "http://www.apache.org/dist/apr/Announcement1.x.html"
},
{
"name" : "http://www.apache.org/dist/apr/CHANGES-APR-1.4",
"refsource" : "CONFIRM",
"url" : "http://www.apache.org/dist/apr/CHANGES-APR-1.4"
},
{
"name" : "http://www.apache.org/dist/httpd/Announcement2.2.html",
"refsource" : "CONFIRM",
"url" : "http://www.apache.org/dist/httpd/Announcement2.2.html"
},
{
"name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15",
"refsource" : "CONFIRM",
"url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=703390",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=703390"
},
{
"name" : "http://support.apple.com/kb/HT5002",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5002"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name" : "APPLE-SA-2011-10-12-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name" : "DSA-2237",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2237"
},
{
"name" : "HPSBUX02702",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=131551295528105&w=2"
},
{
"name" : "HPSBUX02707",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=131731002122529&w=2"
},
{
"name" : "SSRT100606",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=131551295528105&w=2"
},
{
"name" : "SSRT100626",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=131731002122529&w=2"
},
{
"name" : "HPSBMU02704",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132033751509019&w=2"
},
{
"name" : "HPSBOV02822",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134987041210674&w=2"
},
{
"name" : "SSRT100966",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134987041210674&w=2"
},
{
"name" : "SSRT100619",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132033751509019&w=2"
},
{
"name" : "MDVSA-2011:084",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:084"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "RHSA-2011:0507",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0507.html"
},
{
"name" : "RHSA-2011:0896",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
},
{
"name" : "RHSA-2011:0897",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
},
{
"name" : "SUSE-SU-2011:1229",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html"
},
{
"name" : "oval:org.mitre.oval:def:14638",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638"
},
{
"name" : "oval:org.mitre.oval:def:14804",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804"
},
{
"name" : "1025527",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025527"
},
{
"name" : "44490",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44490"
},
{
"name" : "44564",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44564"
},
{
"name" : "44574",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44574"
},
{
"name" : "48308",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48308"
},
{
"name" : "8246",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8246"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44574"
},
{
"name": "HPSBUX02707",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=131731002122529&w=2"
},
{
"name": "SSRT100966",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134987041210674&w=2"
},
{
"name": "[dev] 20110511 Re: Apache Portable Runtime 1.4.4 [...] Released",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/dev@apr.apache.org/msg23976.html"
},
{
"name": "48308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48308"
},
{
"name": "20110512 Multiple Vendors libc/fnmatch(3) DoS (incl apache)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/98"
},
{
"name": "HPSBUX02702",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=131551295528105&w=2"
},
{
"name": "HPSBOV02822",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134987041210674&w=2"
},
{
"name": "SSRT100619",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132033751509019&w=2"
},
{
"name": "oval:org.mitre.oval:def:14804",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22"
},
{
"name": "http://cxib.net/stuff/apr_fnmatch.txts",
"refsource": "MISC",
"url": "http://cxib.net/stuff/apr_fnmatch.txts"
},
{
"name": "oval:org.mitre.oval:def:14638",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638"
},
{
"name": "1025527",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025527"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1098188",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1098188"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15"
},
{
"name": "http://www.apache.org/dist/apr/CHANGES-APR-1.4",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/apr/CHANGES-APR-1.4"
},
{
"name": "http://www.apache.org/dist/apr/Announcement1.x.html",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/apr/Announcement1.x.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1098799",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1098799"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902"
},
{
"name": "8246",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8246"
},
{
"name": "DSA-2237",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2237"
},
{
"name": "RHSA-2011:0897",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=703390",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703390"
},
{
"name": "44564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44564"
},
{
"name": "http://www.apache.org/dist/httpd/Announcement2.2.html",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/httpd/Announcement2.2.html"
},
{
"name": "SSRT100626",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=131731002122529&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "44490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44490"
},
{
"name": "http://cxib.net/stuff/apache.fnmatch.phps",
"refsource": "MISC",
"url": "http://cxib.net/stuff/apache.fnmatch.phps"
},
{
"name": "RHSA-2011:0896",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "MDVSA-2011:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:084"
},
{
"name": "[dev] 20110510 Re: Apache Portable Runtime 1.4.4 [...] Released",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/dev@apr.apache.org/msg23961.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "RHSA-2011:0507",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0507.html"
},
{
"name": "SUSE-SU-2011:1229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html"
},
{
"name": "HPSBMU02704",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132033751509019&w=2"
},
{
"name": "SSRT100606",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=131551295528105&w=2"
},
{
"name": "[dev] 20110510 Re: fnmatch rewrite in apr, apr 1.4.3",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/dev@apr.apache.org/msg23960.html"
}
]
}
}

320
2011/2xxx/CVE-2011-2522.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17577",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17577"
},
{
"name" : "http://samba.org/samba/history/samba-3.5.10.html",
"refsource" : "CONFIRM",
"url" : "http://samba.org/samba/history/samba-3.5.10.html"
},
{
"name" : "http://www.samba.org/samba/security/CVE-2011-2522",
"refsource" : "CONFIRM",
"url" : "http://www.samba.org/samba/security/CVE-2011-2522"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=721348",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=721348"
},
{
"name" : "https://bugzilla.samba.org/show_bug.cgi?id=8290",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.samba.org/show_bug.cgi?id=8290"
},
{
"name" : "DSA-2290",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2290"
},
{
"name" : "HPSBNS02701",
"refsource" : "HP",
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
},
{
"name" : "SSRT100598",
"refsource" : "HP",
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
},
{
"name" : "HPSBUX02768",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133527864025056&w=2"
},
{
"name" : "SSRT100664",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133527864025056&w=2"
},
{
"name" : "MDVSA-2011:121",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121"
},
{
"name" : "USN-1182-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1182-1"
},
{
"name" : "JVN#29529126",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN29529126/index.html"
},
{
"name" : "48899",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48899"
},
{
"name" : "74071",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/74071"
},
{
"name" : "1025852",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025852"
},
{
"name" : "45393",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45393"
},
{
"name" : "45488",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45488"
},
{
"name" : "45496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45496"
},
{
"name" : "8317",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8317"
},
{
"name" : "samba-swat-csrf(68843)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68843"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:121",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121"
},
{
"name": "74071",
"refsource": "OSVDB",
"url": "http://osvdb.org/74071"
},
{
"name": "HPSBNS02701",
"refsource": "HP",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
},
{
"name": "SSRT100664",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133527864025056&w=2"
},
{
"name": "HPSBUX02768",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133527864025056&w=2"
},
{
"name": "1025852",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025852"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=8290",
"refsource": "CONFIRM",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=8290"
},
{
"name": "DSA-2290",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2290"
},
{
"name": "http://www.samba.org/samba/security/CVE-2011-2522",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/security/CVE-2011-2522"
},
{
"name": "45393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45393"
},
{
"name": "45496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45496"
},
{
"name": "45488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45488"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=721348",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=721348"
},
{
"name": "http://samba.org/samba/history/samba-3.5.10.html",
"refsource": "CONFIRM",
"url": "http://samba.org/samba/history/samba-3.5.10.html"
},
{
"name": "SSRT100598",
"refsource": "HP",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543"
},
{
"name": "17577",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17577"
},
{
"name": "8317",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8317"
},
{
"name": "JVN#29529126",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN29529126/index.html"
},
{
"name": "USN-1182-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1182-1"
},
{
"name": "48899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48899"
},
{
"name": "samba-swat-csrf(68843)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68843"
}
]
}
}

260
2011/2xxx/CVE-2011-2597.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2597",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-09.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-09.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-10.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-10.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-11.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-11.html"
},
{
"name" : "FEDORA-2011-9638",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html"
},
{
"name" : "FEDORA-2011-9640",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html"
},
{
"name" : "MDVSA-2011:118",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:118"
},
{
"name" : "SUSE-SU-2011:1262",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00021.html"
},
{
"name" : "openSUSE-SU-2011:1263",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00022.html"
},
{
"name" : "48506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48506"
},
{
"name" : "oval:org.mitre.oval:def:14794",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14794"
},
{
"name" : "1025738",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025738"
},
{
"name" : "45086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45086"
},
{
"name" : "45574",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45574"
},
{
"name" : "48947",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48947"
},
{
"name" : "wireshark-lucent-dos(68335)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68335"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wireshark.org/security/wnpa-sec-2011-10.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-10.html"
},
{
"name": "1025738",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025738"
},
{
"name": "45574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45574"
},
{
"name": "wireshark-lucent-dos(68335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68335"
},
{
"name": "48947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48947"
},
{
"name": "FEDORA-2011-9638",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html"
},
{
"name": "48506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48506"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2011-11.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-11.html"
},
{
"name": "openSUSE-SU-2011:1263",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00022.html"
},
{
"name": "FEDORA-2011-9640",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2011-09.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-09.html"
},
{
"name": "45086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45086"
},
{
"name": "oval:org.mitre.oval:def:14794",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14794"
},
{
"name": "SUSE-SU-2011:1262",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00021.html"
},
{
"name": "MDVSA-2011:118",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:118"
}
]
}
}

140
2011/2xxx/CVE-2011-2662.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110926 Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability",
"refsource" : "IDEFENSE",
"url" : "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=947"
},
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=7009215",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=7009215"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=707527",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=707527"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=707527",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=707527"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7009215",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7009215"
},
{
"name": "20110926 Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=947"
}
]
}
}

200
2011/3xxx/CVE-2011-3187.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3187",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110216 Ruby on Rails Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html"
},
{
"name" : "[oss-security] 20110817 CVE request: ruby on rails flaws (4)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/08/17/1"
},
{
"name" : "[oss-security] 20110819 Re: CVE request: ruby on rails flaws (4)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/08/19/11"
},
{
"name" : "[oss-security] 20110820 Re: CVE request: ruby on rails flaws (4)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/08/20/1"
},
{
"name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/08/22/14"
},
{
"name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/08/22/13"
},
{
"name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/08/22/5"
},
{
"name" : "http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html",
"refsource" : "MISC",
"url" : "http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=673010",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=673010"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110216 Ruby on Rails Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html"
},
{
"name": "[oss-security] 20110817 CVE request: ruby on rails flaws (4)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/08/17/1"
},
{
"name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/08/22/13"
},
{
"name": "http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html",
"refsource": "MISC",
"url": "http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html"
},
{
"name": "[oss-security] 20110819 Re: CVE request: ruby on rails flaws (4)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/08/19/11"
},
{
"name": "[oss-security] 20110820 Re: CVE request: ruby on rails flaws (4)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/08/20/1"
},
{
"name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/08/22/14"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=673010",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=673010"
},
{
"name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/08/22/5"
}
]
}
}

34
2011/3xxx/CVE-2011-3433.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3433",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3433",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2011/3xxx/CVE-2011-3681.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3681",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-3681",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

120
2011/3xxx/CVE-2011-3691.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3691",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Foxit-Reader.html",
"refsource" : "MISC",
"url" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Foxit-Reader.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Foxit-Reader.html",
"refsource": "MISC",
"url": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Foxit-Reader.html"
}
]
}
}

140
2011/3xxx/CVE-2011-3953.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3953",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=73478",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=73478"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
},
{
"name" : "oval:org.mitre.oval:def:14392",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14392"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14392",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14392"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=73478",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=73478"
}
]
}
}

180
2011/4xxx/CVE-2011-4061.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4061",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110629 Breaking the links: Exploiting the linker",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/518659"
},
{
"name" : "http://www.nth-dimension.org.uk/downloads.php?id=77",
"refsource" : "MISC",
"url" : "http://www.nth-dimension.org.uk/downloads.php?id=77"
},
{
"name" : "http://www.nth-dimension.org.uk/downloads.php?id=83",
"refsource" : "MISC",
"url" : "http://www.nth-dimension.org.uk/downloads.php?id=83"
},
{
"name" : "48514",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48514"
},
{
"name" : "51181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51181"
},
{
"name" : "oval:org.mitre.oval:def:14063",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063"
},
{
"name" : "8476",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8476"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110629 Breaking the links: Exploiting the linker",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518659"
},
{
"name": "http://www.nth-dimension.org.uk/downloads.php?id=83",
"refsource": "MISC",
"url": "http://www.nth-dimension.org.uk/downloads.php?id=83"
},
{
"name": "51181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51181"
},
{
"name": "48514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48514"
},
{
"name": "http://www.nth-dimension.org.uk/downloads.php?id=77",
"refsource": "MISC",
"url": "http://www.nth-dimension.org.uk/downloads.php?id=77"
},
{
"name": "oval:org.mitre.oval:def:14063",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063"
},
{
"name": "8476",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8476"
}
]
}
}

34
2011/4xxx/CVE-2011-4227.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4227",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4227",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2011/4xxx/CVE-2011-4353.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ffmpeg.org/",
"refsource" : "CONFIRM",
"url" : "http://ffmpeg.org/"
},
{
"name" : "http://libav.org/",
"refsource" : "CONFIRM",
"url" : "http://libav.org/"
},
{
"name" : "http://libav.org/releases/libav-0.5.6.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.5.6.changelog"
},
{
"name" : "http://libav.org/releases/libav-0.6.4.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.6.4.changelog"
},
{
"name" : "http://libav.org/releases/libav-0.7.3.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.7.3.changelog"
},
{
"name" : "MDVSA-2012:074",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074"
},
{
"name" : "MDVSA-2012:075",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075"
},
{
"name" : "MDVSA-2012:076",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076"
},
{
"name" : "USN-1320-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1320-1"
},
{
"name" : "USN-1333-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1333-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://libav.org/releases/libav-0.6.4.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.6.4.changelog"
},
{
"name": "MDVSA-2012:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076"
},
{
"name": "USN-1320-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1320-1"
},
{
"name": "MDVSA-2012:074",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074"
},
{
"name": "MDVSA-2012:075",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
},
{
"name": "USN-1333-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1333-1"
},
{
"name": "http://libav.org/releases/libav-0.5.6.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.5.6.changelog"
},
{
"name": "http://libav.org/releases/libav-0.7.3.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.7.3.changelog"
}
]
}
}

140
2011/4xxx/CVE-2011-4673.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4673",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18126",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18126"
},
{
"name" : "50730",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50730"
},
{
"name" : "jetpack-sharedaddy-sql-injection(71404)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71404"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jetpack-sharedaddy-sql-injection(71404)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71404"
},
{
"name": "18126",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18126"
},
{
"name": "50730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50730"
}
]
}
}

180
2011/4xxx/CVE-2011-4957.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4957",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120419 Re: CVE-request: WordPress 3.1.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/19/6"
},
{
"name" : "[oss-security] 20120419 Re: CVE-request: WordPress 3.1.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/19/17"
},
{
"name" : "http://core.trac.wordpress.org/ticket/16892",
"refsource" : "CONFIRM",
"url" : "http://core.trac.wordpress.org/ticket/16892"
},
{
"name" : "http://wordpress.org/news/2011/04/wordpress-3-1-1/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/news/2011/04/wordpress-3-1-1/"
},
{
"name" : "DSA-2470",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2470"
},
{
"name" : "44038",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44038"
},
{
"name" : "49138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120419 Re: CVE-request: WordPress 3.1.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/19/17"
},
{
"name": "44038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44038"
},
{
"name": "http://wordpress.org/news/2011/04/wordpress-3-1-1/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2011/04/wordpress-3-1-1/"
},
{
"name": "http://core.trac.wordpress.org/ticket/16892",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/ticket/16892"
},
{
"name": "49138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49138"
},
{
"name": "[oss-security] 20120419 Re: CVE-request: WordPress 3.1.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/19/6"
},
{
"name": "DSA-2470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2470"
}
]
}
}

120
2013/1xxx/CVE-2013-1219.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1219",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130426 Cisco IPS SensorApp Regex Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130426 Cisco IPS SensorApp Regex Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1219"
}
]
}
}

180
2013/1xxx/CVE-2013-1580.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/plugins/docsis/packet-cmstatus.c?r1=47045&r2=47044&pathrev=47045",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/plugins/docsis/packet-cmstatus.c?r1=47045&r2=47044&pathrev=47045"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47045",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47045"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2013-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2013-01.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8199",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8199"
},
{
"name" : "openSUSE-SU-2013:0276",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html"
},
{
"name" : "openSUSE-SU-2013:0285",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html"
},
{
"name" : "oval:org.mitre.oval:def:15509",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15509"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wireshark.org/security/wnpa-sec-2013-01.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2013-01.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8199",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8199"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47045",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47045"
},
{
"name": "openSUSE-SU-2013:0285",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/plugins/docsis/packet-cmstatus.c?r1=47045&r2=47044&pathrev=47045",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/plugins/docsis/packet-cmstatus.c?r1=47045&r2=47044&pathrev=47045"
},
{
"name": "oval:org.mitre.oval:def:15509",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15509"
},
{
"name": "openSUSE-SU-2013:0276",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html"
}
]
}
}

170
2013/1xxx/CVE-2013-1981.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1981",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/05/23/3"
},
{
"name" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
"refsource" : "CONFIRM",
"url" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
},
{
"name" : "DSA-2693",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2693"
},
{
"name" : "FEDORA-2013-9079",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.html"
},
{
"name" : "USN-1854-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1854-1"
},
{
"name" : "60120",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/60120"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60120"
},
{
"name": "FEDORA-2013-9079",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.html"
},
{
"name": "USN-1854-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1854-1"
},
{
"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
},
{
"name": "DSA-2693",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2693"
}
]
}
}

34
2013/5xxx/CVE-2013-5293.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5293",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5293",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2013/5xxx/CVE-2013-5481.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-5481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130925 Cisco IOS Software Network Address Translation Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130925 Cisco IOS Software Network Address Translation Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat"
}
]
}
}

230
2013/5xxx/CVE-2013-5611.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-5611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-105.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-105.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=771294",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=771294"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "FEDORA-2013-23127",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html"
},
{
"name" : "FEDORA-2013-23519",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html"
},
{
"name" : "openSUSE-SU-2014:0008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html"
},
{
"name" : "SUSE-SU-2013:1919",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html"
},
{
"name" : "openSUSE-SU-2013:1916",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html"
},
{
"name" : "openSUSE-SU-2013:1917",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html"
},
{
"name" : "openSUSE-SU-2013:1918",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html"
},
{
"name" : "USN-2052-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2052-1"
},
{
"name" : "1029470",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029470"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-105.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-105.html"
},
{
"name": "SUSE-SU-2013:1919",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=771294",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=771294"
},
{
"name": "FEDORA-2013-23127",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html"
},
{
"name": "FEDORA-2013-23519",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html"
},
{
"name": "1029470",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029470"
},
{
"name": "openSUSE-SU-2013:1917",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2013:1916",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html"
},
{
"name": "openSUSE-SU-2014:0008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html"
},
{
"name": "openSUSE-SU-2013:1918",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html"
},
{
"name": "USN-2052-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2052-1"
}
]
}
}

390
2013/5xxx/CVE-2013-5849.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name" : "http://support.apple.com/kb/HT5982",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5982"
},
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1018750",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1018750"
},
{
"name" : "APPLE-SA-2013-10-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBUX02943",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=138674031212883&w=2"
},
{
"name" : "HPSBUX02944",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=138674073720143&w=2"
},
{
"name" : "RHSA-2013:1440",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
},
{
"name" : "RHSA-2013:1447",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
},
{
"name" : "RHSA-2013:1451",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
},
{
"name" : "RHSA-2013:1505",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
},
{
"name" : "RHSA-2013:1507",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html"
},
{
"name" : "RHSA-2013:1508",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1508.html"
},
{
"name" : "RHSA-2013:1509",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1509.html"
},
{
"name" : "RHSA-2013:1793",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1793.html"
},
{
"name" : "RHSA-2014:0414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name" : "SUSE-SU-2013:1666",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
},
{
"name" : "SUSE-SU-2013:1677",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"
},
{
"name" : "openSUSE-SU-2013:1663",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
},
{
"name" : "USN-2033-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2033-1"
},
{
"name" : "USN-2089-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2089-1"
},
{
"name" : "63106",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/63106"
},
{
"name" : "98564",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/98564"
},
{
"name" : "oval:org.mitre.oval:def:18971",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18971"
},
{
"name" : "56338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56338"
},
{
"name" : "oracle-cpuoct2013-cve20135849(88003)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88003"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "RHSA-2013:1447",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
},
{
"name": "RHSA-2013:1440",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
},
{
"name": "USN-2033-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2033-1"
},
{
"name": "USN-2089-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2089-1"
},
{
"name": "RHSA-2013:1508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html"
},
{
"name": "SUSE-SU-2013:1677",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"
},
{
"name": "oracle-cpuoct2013-cve20135849(88003)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88003"
},
{
"name": "HPSBUX02944",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2"
},
{
"name": "RHSA-2013:1505",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"
},
{
"name": "HPSBUX02943",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2"
},
{
"name": "openSUSE-SU-2013:1663",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
},
{
"name": "SUSE-SU-2013:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
},
{
"name": "RHSA-2013:1793",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html"
},
{
"name": "RHSA-2013:1509",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1509.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name": "APPLE-SA-2013-10-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:18971",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18971"
},
{
"name": "RHSA-2013:1507",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1018750",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018750"
},
{
"name": "http://support.apple.com/kb/HT5982",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5982"
},
{
"name": "63106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63106"
},
{
"name": "56338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56338"
},
{
"name": "RHSA-2013:1451",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
},
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
},
{
"name": "98564",
"refsource": "OSVDB",
"url": "http://osvdb.org/98564"
}
]
}
}

160
2014/2xxx/CVE-2014-2615.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-2615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU03064",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076"
},
{
"name" : "SSRT101461",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076"
},
{
"name" : "68363",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68363"
},
{
"name" : "1030518",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030518"
},
{
"name" : "58912",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58912"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030518",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030518"
},
{
"name": "SSRT101461",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076"
},
{
"name": "68363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68363"
},
{
"name": "HPSBMU03064",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076"
},
{
"name": "58912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58912"
}
]
}
}

170
2014/2xxx/CVE-2014-2986.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2986",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140423 Re: Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/04/23/4"
},
{
"name" : "[oss-security] 20140423 Xen Security Advisory 94 (CVE-2014-2986) - ARM hypervisor crash on guest interrupt controller access",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/04/23/5"
},
{
"name" : "[oss-security] 20140423 Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/04/23/3"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-94.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-94.html"
},
{
"name" : "67047",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67047"
},
{
"name" : "1030146",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030146"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030146",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030146"
},
{
"name": "[oss-security] 20140423 Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/23/3"
},
{
"name": "[oss-security] 20140423 Xen Security Advisory 94 (CVE-2014-2986) - ARM hypervisor crash on guest interrupt controller access",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/23/5"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-94.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-94.html"
},
{
"name": "67047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67047"
},
{
"name": "[oss-security] 20140423 Re: Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/23/4"
}
]
}
}

200
2014/6xxx/CVE-2014-6096.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689779",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name" : "IV66496",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name" : "IV66624",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name" : "IV66635",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name" : "IV66637",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name" : "IV66642",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"name" : "IV66645",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"name" : "62363",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62363"
},
{
"name" : "ibm-sim-cve20146096-xss(95944)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95944"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV66624",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "ibm-sim-cve20146096-xss(95944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95944"
},
{
"name": "IV66635",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
]
}
}

220
2014/6xxx/CVE-2014-6416.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140915 Re: CVE Request: libceph auth token overflow / Linux kernel",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/15/7"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c27a3e4d667fdcad3db7b104f75659478e0c68d8",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c27a3e4d667fdcad3db7b104f75659478e0c68d8"
},
{
"name" : "http://tracker.ceph.com/issues/8979",
"refsource" : "CONFIRM",
"url" : "http://tracker.ceph.com/issues/8979"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1142060",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1142060"
},
{
"name" : "https://github.com/torvalds/linux/commit/c27a3e4d667fdcad3db7b104f75659478e0c68d8",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/c27a3e4d667fdcad3db7b104f75659478e0c68d8"
},
{
"name" : "USN-2376-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2376-1"
},
{
"name" : "USN-2377-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2377-1"
},
{
"name" : "USN-2378-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2378-1"
},
{
"name" : "USN-2379-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2379-1"
},
{
"name" : "69805",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69805"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2377-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2377-1"
},
{
"name": "69805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69805"
},
{
"name": "https://github.com/torvalds/linux/commit/c27a3e4d667fdcad3db7b104f75659478e0c68d8",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c27a3e4d667fdcad3db7b104f75659478e0c68d8"
},
{
"name": "[oss-security] 20140915 Re: CVE Request: libceph auth token overflow / Linux kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/15/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1142060",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1142060"
},
{
"name": "USN-2378-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2378-1"
},
{
"name": "http://tracker.ceph.com/issues/8979",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/8979"
},
{
"name": "USN-2379-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2379-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3"
},
{
"name": "USN-2376-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2376-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c27a3e4d667fdcad3db7b104f75659478e0c68d8",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c27a3e4d667fdcad3db7b104f75659478e0c68d8"
}
]
}
}

140
2017/0xxx/CVE-2017-0067.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Browser",
"version" : {
"version_data" : [
{
"version_value" : "Browser"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Browser",
"version": {
"version_data": [
{
"version_value": "Browser"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0067",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0067"
},
{
"name" : "96662",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96662"
},
{
"name" : "1038006",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038006"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0067",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0067"
},
{
"name": "96662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96662"
},
{
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
}
]
}
}

132
2017/0xxx/CVE-2017-0683.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-07-05T00:00:00",
"ID" : "CVE-2017-0683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36591008."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-07-05T00:00:00",
"ID": "CVE-2017-0683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "99478",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99478"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36591008."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "99478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99478"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000220.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.448740",
"ID" : "CVE-2017-1000220",
"REQUESTER" : "micaksica@gmx.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pidusage",
"version" : {
"version_data" : [
{
"version_value" : "<=1.1.4"
}
]
}
}
]
},
"vendor_name" : "soyuka"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.448740",
"ID": "CVE-2017-1000220",
"REQUESTER": "micaksica@gmx.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/356",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/356"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/356",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/356"
}
]
}
}

34
2017/16xxx/CVE-2017-16467.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16467",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-16467",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

34
2017/18xxx/CVE-2017-18153.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18153",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18153",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/1xxx/CVE-2017-1657.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1657",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1657",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/1xxx/CVE-2017-1937.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1937",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1937",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4204.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4204",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4204",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4816.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4816",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4816",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

140
2017/4xxx/CVE-2017-4900.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@vmware.com",
"ID" : "CVE-2017-4900",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Workstation Pro/Player",
"version" : {
"version_data" : [
{
"version_value" : "12.x prior to version 12.5.3"
}
]
}
}
]
},
"vendor_name" : "VMware"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to version 12.5.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2017-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name" : "96770",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96770"
},
{
"name" : "1037979",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96770"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037979"
}
]
}
}