admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:05:45 +00:00
parent a650c4c6a0
commit 93c12175c9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3980 additions and 3980 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2006/0xxx/CVE-2006-0360.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060116 MPM HP-180W VoIP wireless desktop phone undocumented port UDP/9090",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041437.html"
},
{
"name" : "16285",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16285"
},
{
"name" : "18512",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18512"
},
{
"name" : "mpn-hp180w-default-port(24147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18512"
},
{
"name": "20060116 MPM HP-180W VoIP wireless desktop phone undocumented port UDP/9090",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041437.html"
},
{
"name": "mpn-hp180w-default-port(24147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24147"
},
{
"name": "16285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16285"
}
]
}
}

210
2006/0xxx/CVE-2006-0496.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0496",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060128 -moz-binding CSS property: more XSS fun",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=113847912709062&w=2"
},
{
"name" : "http://community.livejournal.com/lj_dev/708069.html",
"refsource" : "MISC",
"url" : "http://community.livejournal.com/lj_dev/708069.html"
},
{
"name" : "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html",
"refsource" : "MISC",
"url" : "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=324253",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=324253"
},
{
"name" : "16427",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16427"
},
{
"name" : "ADV-2006-0403",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0403"
},
{
"name" : "22924",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22924"
},
{
"name" : "1015553",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015553"
},
{
"name" : "1015563",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015563"
},
{
"name" : "mozilla-mozbinding-xss(24427)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html",
"refsource": "MISC",
"url": "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=324253",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=324253"
},
{
"name": "1015563",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015563"
},
{
"name": "mozilla-mozbinding-xss(24427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427"
},
{
"name": "ADV-2006-0403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0403"
},
{
"name": "16427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16427"
},
{
"name": "http://community.livejournal.com/lj_dev/708069.html",
"refsource": "MISC",
"url": "http://community.livejournal.com/lj_dev/708069.html"
},
{
"name": "1015553",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015553"
},
{
"name": "20060128 -moz-binding CSS property: more XSS fun",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113847912709062&w=2"
},
{
"name": "22924",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22924"
}
]
}
}

240
2006/0xxx/CVE-2006-0517.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to \"session handling\"; and (5) when posting \"petitions\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423655/100/0/threaded"
},
{
"name" : "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html"
},
{
"name" : "http://www.zone-h.org/en/advisories/read/id=8650/",
"refsource" : "MISC",
"url" : "http://www.zone-h.org/en/advisories/read/id=8650/"
},
{
"name" : "24397",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24397"
},
{
"name" : "16458",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16458"
},
{
"name" : "ADV-2006-0398",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0398"
},
{
"name" : "22844",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22844"
},
{
"name" : "22845",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22845"
},
{
"name" : "22848",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22848"
},
{
"name" : "1015556",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015556"
},
{
"name" : "18676",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18676"
},
{
"name" : "395",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/395"
},
{
"name" : "spip-forum-sql-injection(24397)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24397"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to \"session handling\"; and (5) when posting \"petitions\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0990.html"
},
{
"name": "16458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16458"
},
{
"name": "22845",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22845"
},
{
"name": "22848",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22848"
},
{
"name": "spip-forum-sql-injection(24397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24397"
},
{
"name": "http://www.zone-h.org/en/advisories/read/id=8650/",
"refsource": "MISC",
"url": "http://www.zone-h.org/en/advisories/read/id=8650/"
},
{
"name": "22844",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22844"
},
{
"name": "1015556",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015556"
},
{
"name": "24397",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24397"
},
{
"name": "18676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18676"
},
{
"name": "20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423655/100/0/threaded"
},
{
"name": "ADV-2006-0398",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0398"
},
{
"name": "395",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/395"
}
]
}
}

200
2006/3xxx/CVE-2006-3103.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060617 bitweaver <= v1.3 multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437491/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/bitweaver_13_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/bitweaver_13_xpl.html"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358"
},
{
"name" : "http://www.bitweaver.org/articles/45",
"refsource" : "CONFIRM",
"url" : "http://www.bitweaver.org/articles/45"
},
{
"name" : "ADV-2006-2405",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2405"
},
{
"name" : "26588",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26588"
},
{
"name" : "20695",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20695"
},
{
"name" : "1115",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1115"
},
{
"name" : "bitweaver-index-xss(27213)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358"
},
{
"name": "http://retrogod.altervista.org/bitweaver_13_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/bitweaver_13_xpl.html"
},
{
"name": "bitweaver-index-xss(27213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27213"
},
{
"name": "20695",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20695"
},
{
"name": "26588",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26588"
},
{
"name": "http://www.bitweaver.org/articles/45",
"refsource": "CONFIRM",
"url": "http://www.bitweaver.org/articles/45"
},
{
"name": "1115",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1115"
},
{
"name": "ADV-2006-2405",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2405"
},
{
"name": "20060617 bitweaver <= v1.3 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437491/100/0/threaded"
}
]
}
}

160
2006/3xxx/CVE-2006-3232.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the \"UserNameToken cache was improperly used.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876"
},
{
"name" : "PK22951",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876"
},
{
"name" : "18578",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18578"
},
{
"name" : "ADV-2006-2482",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2482"
},
{
"name" : "20732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20732"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the \"UserNameToken cache was improperly used.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20732"
},
{
"name": "ADV-2006-2482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2482"
},
{
"name": "18578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18578"
},
{
"name": "PK22951",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876"
}
]
}
}

230
2006/3xxx/CVE-2006-3715.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Calendar for Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka Oracle Vuln# OCS01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "TA06-200A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name" : "19054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19054"
},
{
"name" : "ADV-2006-2863",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2863"
},
{
"name" : "ADV-2006-2947",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name" : "1016529",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016529"
},
{
"name" : "21111",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21111"
},
{
"name" : "21165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21165"
},
{
"name" : "oracle-cpu-july-2006(27897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Calendar for Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka Oracle Vuln# OCS01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016529",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016529"
},
{
"name": "19054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19054"
},
{
"name": "oracle-cpu-july-2006(27897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
},
{
"name": "21165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21165"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "ADV-2006-2947",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "TA06-200A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name": "21111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name": "ADV-2006-2863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2863"
}
]
}
}

190
2006/4xxx/CVE-2006-4223.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4223",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \"JSP source code exposure\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21243541",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
},
{
"name" : "PK23475",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24013827"
},
{
"name" : "22991",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22991"
},
{
"name" : "ADV-2006-3281",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3281"
},
{
"name" : "ADV-2007-0970",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0970"
},
{
"name" : "21487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21487"
},
{
"name" : "24478",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24478"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \"JSP source code exposure\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3281",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3281"
},
{
"name": "ADV-2007-0970",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0970"
},
{
"name": "24478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24478"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213"
},
{
"name": "21487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21487"
},
{
"name": "22991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22991"
},
{
"name": "PK23475",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013827"
}
]
}
}

170
2006/4xxx/CVE-2006-4682.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IC46283",
"refsource" : "AIXAPAR",
"url" : "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
},
{
"name" : "IC46730",
"refsource" : "AIXAPAR",
"url" : "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
},
{
"name" : "IC46959",
"refsource" : "AIXAPAR",
"url" : "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
},
{
"name" : "19915",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19915"
},
{
"name" : "ADV-2006-3532",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3532"
},
{
"name" : "21802",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC46730",
"refsource": "AIXAPAR",
"url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
},
{
"name": "IC46959",
"refsource": "AIXAPAR",
"url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
},
{
"name": "ADV-2006-3532",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3532"
},
{
"name": "IC46283",
"refsource": "AIXAPAR",
"url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
},
{
"name": "21802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21802"
},
{
"name": "19915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19915"
}
]
}
}

180
2006/4xxx/CVE-2006-4763.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4763",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060912 Session Token Remains Valid After Logout in IBM Lotus Domino Web Access",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445821/100/0/threaded"
},
{
"name" : "20060912 Session Token Remains Valid After Logout in IBM Lotus Domino Web Access",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049408.html"
},
{
"name" : "http://www.fishnetsecurity.com/csirt/disclosure/ibm",
"refsource" : "MISC",
"url" : "http://www.fishnetsecurity.com/csirt/disclosure/ibm"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21245589",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21245589"
},
{
"name" : "19966",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19966"
},
{
"name" : "1571",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1571"
},
{
"name" : "domino-token-session-hijack(28881)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28881"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-token-session-hijack(28881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28881"
},
{
"name": "20060912 Session Token Remains Valid After Logout in IBM Lotus Domino Web Access",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445821/100/0/threaded"
},
{
"name": "20060912 Session Token Remains Valid After Logout in IBM Lotus Domino Web Access",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049408.html"
},
{
"name": "http://www.fishnetsecurity.com/csirt/disclosure/ibm",
"refsource": "MISC",
"url": "http://www.fishnetsecurity.com/csirt/disclosure/ibm"
},
{
"name": "19966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19966"
},
{
"name": "1571",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1571"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21245589",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21245589"
}
]
}
}

130
2006/6xxx/CVE-2006-6435.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6435",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf"
},
{
"name" : "23265",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23265"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23265"
},
{
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf"
}
]
}
}

160
2006/7xxx/CVE-2006-7027.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060504 ISA Server 2004 Log Manipulation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432947/30/5190/threaded"
},
{
"name" : "20060505 Re: ISA Server 2004 Log Manipulation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433074/30/5190/threaded"
},
{
"name" : "20060506 Re: ISA Server 2004 Log Manipulation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433141/30/5160/threaded"
},
{
"name" : "20060509 Re: ISA Server 2004 Log Manipulation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433350/30/5100/threaded"
},
{
"name" : "isa-log-manipulation(26233)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26233"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060505 Re: ISA Server 2004 Log Manipulation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433074/30/5190/threaded"
},
{
"name": "20060504 ISA Server 2004 Log Manipulation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432947/30/5190/threaded"
},
{
"name": "20060509 Re: ISA Server 2004 Log Manipulation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433350/30/5100/threaded"
},
{
"name": "isa-log-manipulation(26233)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26233"
},
{
"name": "20060506 Re: ISA Server 2004 Log Manipulation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433141/30/5160/threaded"
}
]
}
}

210
2010/2xxx/CVE-2010-2253.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127411372529485&w=2"
},
{
"name" : "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127611288927500&w=2"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2010-001.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2010-001.html"
},
{
"name" : "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes",
"refsource" : "CONFIRM",
"url" : "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=591580",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=602800",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=602800"
},
{
"name" : "FEDORA-2010-15405",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html"
},
{
"name" : "FEDORA-2010-15532",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html"
},
{
"name" : "USN-981-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-981-1"
},
{
"name" : "ADV-2010-2872",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2872"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=602800",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602800"
},
{
"name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"
},
{
"name": "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes"
},
{
"name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"
},
{
"name": "FEDORA-2010-15532",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2010-001.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2010-001.html"
},
{
"name": "FEDORA-2010-15405",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=591580",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
},
{
"name": "USN-981-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-981-1"
},
{
"name": "ADV-2010-2872",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2872"
}
]
}
}

140
2010/2xxx/CVE-2010-2552.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka \"SMB Stack Exhaustion Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-054",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-054"
},
{
"name" : "TA10-222A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name" : "oval:org.mitre.oval:def:12072",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka \"SMB Stack Exhaustion Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "MS10-054",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-054"
},
{
"name": "oval:org.mitre.oval:def:12072",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12072"
}
]
}
}

330
2010/2xxx/CVE-2010-2643.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=666321",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=666321"
},
{
"name" : "DSA-2357",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2357"
},
{
"name" : "FEDORA-2011-0208",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
},
{
"name" : "FEDORA-2011-0224",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
},
{
"name" : "MDVSA-2011:005",
"refsource" : "MANDRIVA",
"url" : "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
},
{
"name" : "RHSA-2011:0009",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1035-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1035-1"
},
{
"name" : "45678",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45678"
},
{
"name" : "1024937",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024937"
},
{
"name" : "42769",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42769"
},
{
"name" : "42821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42821"
},
{
"name" : "42847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42847"
},
{
"name" : "42872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42872"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2011-0029",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0029"
},
{
"name" : "ADV-2011-0043",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0043"
},
{
"name" : "ADV-2011-0056",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0056"
},
{
"name" : "ADV-2011-0097",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0097"
},
{
"name" : "ADV-2011-0102",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0102"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "MDVSA-2011:005",
"refsource": "MANDRIVA",
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=666321",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=666321"
},
{
"name": "42872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42872"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2011-0043",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0043"
},
{
"name": "ADV-2011-0029",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0029"
},
{
"name": "FEDORA-2011-0224",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
},
{
"name": "42769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42769"
},
{
"name": "ADV-2011-0097",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0097"
},
{
"name": "DSA-2357",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2357"
},
{
"name": "USN-1035-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1035-1"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "ADV-2011-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0102"
},
{
"name": "42821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42821"
},
{
"name": "ADV-2011-0056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0056"
},
{
"name": "RHSA-2011:0009",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
},
{
"name": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
},
{
"name": "1024937",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024937"
},
{
"name": "FEDORA-2011-0208",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
},
{
"name": "45678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45678"
},
{
"name": "42847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42847"
}
]
}
}

300
2010/2xxx/CVE-2010-2795.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2795",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://issues.jasig.org/browse/PHPCAS-61",
"refsource" : "CONFIRM",
"url" : "https://issues.jasig.org/browse/PHPCAS-61"
},
{
"name" : "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog"
},
{
"name" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601",
"refsource" : "CONFIRM",
"url" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name" : "DSA-2172",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2172"
},
{
"name" : "FEDORA-2010-12247",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html"
},
{
"name" : "FEDORA-2010-12258",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html"
},
{
"name" : "FEDORA-2010-16905",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name" : "FEDORA-2010-16912",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"name" : "42162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42162"
},
{
"name" : "40845",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40845"
},
{
"name" : "41240",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41240"
},
{
"name" : "42149",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42149"
},
{
"name" : "42184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42184"
},
{
"name" : "43427",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43427"
},
{
"name" : "ADV-2010-2234",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2234"
},
{
"name" : "ADV-2010-2261",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2261"
},
{
"name" : "ADV-2010-2909",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name" : "ADV-2011-0456",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0456"
},
{
"name" : "phpcas-tickets-session-hijacking(60894)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60894"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2172",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"name": "ADV-2011-0456",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"name": "41240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41240"
},
{
"name": "40845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40845"
},
{
"name": "FEDORA-2010-12258",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html"
},
{
"name": "phpcas-tickets-session-hijacking(60894)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60894"
},
{
"name": "https://issues.jasig.org/browse/PHPCAS-61",
"refsource": "CONFIRM",
"url": "https://issues.jasig.org/browse/PHPCAS-61"
},
{
"name": "ADV-2010-2909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name": "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog",
"refsource": "CONFIRM",
"url": "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog"
},
{
"name": "ADV-2010-2261",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2261"
},
{
"name": "42149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42149"
},
{
"name": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601",
"refsource": "CONFIRM",
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name": "FEDORA-2010-12247",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html"
},
{
"name": "43427",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43427"
},
{
"name": "42162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42162"
},
{
"name": "ADV-2010-2234",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2234"
},
{
"name": "FEDORA-2010-16912",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"name": "FEDORA-2010-16905",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name": "42184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42184"
}
]
}
}

200
2010/3xxx/CVE-2010-3186.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3186",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443736",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443736"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24027708",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24027708"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24027709",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24027709"
},
{
"name" : "PM08360",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM08360"
},
{
"name" : "PM16014",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM16014"
},
{
"name" : "67570",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/67570"
},
{
"name" : "41173",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41173"
},
{
"name" : "ADV-2010-2215",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2215"
},
{
"name" : "websphere-timestamp-unspecified(61435)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61435"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM08360",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM08360"
},
{
"name": "67570",
"refsource": "OSVDB",
"url": "http://osvdb.org/67570"
},
{
"name": "PM16014",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM16014"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24027709",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24027709"
},
{
"name": "41173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41173"
},
{
"name": "websphere-timestamp-unspecified(61435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61435"
},
{
"name": "ADV-2010-2215",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2215"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21443736",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21443736"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24027708",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24027708"
}
]
}
}

34
2010/3xxx/CVE-2010-3373.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3373",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3373",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2010/3xxx/CVE-2010-3985.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02588",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02541822"
},
{
"name" : "SSRT100001",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02541822"
},
{
"name" : "44331",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44331"
},
{
"name" : "68906",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/68906"
},
{
"name" : "41983",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41983"
},
{
"name" : "ADV-2010-2760",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2760"
},
{
"name" : "hp-orchestration-unspec-xss(62727)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44331"
},
{
"name": "41983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41983"
},
{
"name": "hp-orchestration-unspec-xss(62727)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62727"
},
{
"name": "ADV-2010-2760",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2760"
},
{
"name": "HPSBMA02588",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02541822"
},
{
"name": "SSRT100001",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02541822"
},
{
"name": "68906",
"refsource": "OSVDB",
"url": "http://osvdb.org/68906"
}
]
}
}

170
2011/0xxx/CVE-2011-0090.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka \"Win32k Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-012",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-012"
},
{
"name" : "46150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46150"
},
{
"name" : "70814",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70814"
},
{
"name" : "oval:org.mitre.oval:def:12455",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12455"
},
{
"name" : "43255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43255"
},
{
"name" : "ADV-2011-0325",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0325"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka \"Win32k Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46150"
},
{
"name": "43255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43255"
},
{
"name": "ADV-2011-0325",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0325"
},
{
"name": "oval:org.mitre.oval:def:12455",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12455"
},
{
"name": "MS11-012",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-012"
},
{
"name": "70814",
"refsource": "OSVDB",
"url": "http://osvdb.org/70814"
}
]
}
}

150
2011/0xxx/CVE-2011-0167.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0167",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4566",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4566"
},
{
"name" : "APPLE-SA-2011-03-09-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name" : "46816",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46816"
},
{
"name" : "1025183",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "46816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46816"
},
{
"name": "1025183",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025183"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
}
]
}
}

34
2011/0xxx/CVE-2011-0416.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0416",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0416",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2011/0xxx/CVE-2011-0594.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name" : "RHSA-2011:0301",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name" : "46216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46216"
},
{
"name" : "oval:org.mitre.oval:def:12444",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12444"
},
{
"name" : "1025033",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025033"
},
{
"name" : "43470",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43470"
},
{
"name" : "ADV-2011-0337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name" : "ADV-2011-0492",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0492"
},
{
"name" : "adobe-reader-fonts-code-exec(65299)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65299"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12444",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12444"
},
{
"name": "ADV-2011-0492",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0492"
},
{
"name": "43470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43470"
},
{
"name": "RHSA-2011:0301",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name": "adobe-reader-fonts-code-exec(65299)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65299"
},
{
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "46216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46216"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
}
]
}
}

220
2011/0xxx/CVE-2011-0666.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0666",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100133352",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name" : "MS11-034",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "47203",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47203"
},
{
"name" : "71742",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71742"
},
{
"name" : "oval:org.mitre.oval:def:12347",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12347"
},
{
"name" : "1025345",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025345"
},
{
"name" : "44156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44156"
},
{
"name" : "ADV-2011-0952",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name" : "mswin-win32k-var3-priv-escalation(66397)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66397"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71742",
"refsource": "OSVDB",
"url": "http://osvdb.org/71742"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "MS11-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name": "oval:org.mitre.oval:def:12347",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12347"
},
{
"name": "ADV-2011-0952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name": "http://support.avaya.com/css/P8/documents/100133352",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name": "47203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47203"
},
{
"name": "44156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44156"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name": "1025345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025345"
},
{
"name": "mswin-win32k-var3-priv-escalation(66397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66397"
}
]
}
}

160
2011/1xxx/CVE-2011-1544.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Insight Control Performance Management before 6.3 allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-1544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02664",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130339248106264&w=2"
},
{
"name" : "SSRT100417",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130339248106264&w=2"
},
{
"name" : "1025431",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025431"
},
{
"name" : "44216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44216"
},
{
"name" : "8237",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8237"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Insight Control Performance Management before 6.3 allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44216"
},
{
"name": "1025431",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025431"
},
{
"name": "8237",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8237"
},
{
"name": "HPSBMA02664",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130339248106264&w=2"
},
{
"name": "SSRT100417",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130339248106264&w=2"
}
]
}
}

130
2011/1xxx/CVE-2011-1919.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-1919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-01.pdf"
},
{
"name" : "50474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50474"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50474"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-01.pdf"
}
]
}
}

130
2011/1xxx/CVE-2011-1932.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1932",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021",
"refsource" : "CONFIRM",
"url" : "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021",
"refsource": "CONFIRM",
"url": "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960"
}
]
}
}

150
2011/5xxx/CVE-2011-5180.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5180",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111130 Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520690/100/0/threaded"
},
{
"name" : "50860",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50860"
},
{
"name" : "77648",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/77648"
},
{
"name" : "wp1jqueryphotogallery-page-xss(71572)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50860"
},
{
"name": "wp1jqueryphotogallery-page-xss(71572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71572"
},
{
"name": "77648",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77648"
},
{
"name": "20111130 Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520690/100/0/threaded"
}
]
}
}

130
2014/3xxx/CVE-2014-3050.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3050",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679192",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679192"
},
{
"name" : "ibm-rtc-cve20143050-cred(93436)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93436"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679192",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679192"
},
{
"name": "ibm-rtc-cve20143050-cred(93436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93436"
}
]
}
}

140
2014/3xxx/CVE-2014-3541.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3541",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140721 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=264262",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=264262"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=264262",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=264262"
},
{
"name": "[oss-security] 20140721 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616"
}
]
}
}

180
2014/3xxx/CVE-2014-3985.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140430 CVE request: possible miniupnpc buffer overflow",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/201"
},
{
"name" : "[oss-security] 20140606 Re: CVE request: possible miniupnpc buffer overflow",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/496"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1085618",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1085618"
},
{
"name" : "https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9",
"refsource" : "CONFIRM",
"url" : "https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9"
},
{
"name" : "GLSA-201701-41",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-41"
},
{
"name" : "openSUSE-SU-2014:0815",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00039.html"
},
{
"name" : "67152",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67152",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67152"
},
{
"name": "openSUSE-SU-2014:0815",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00039.html"
},
{
"name": "GLSA-201701-41",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-41"
},
{
"name": "https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9",
"refsource": "CONFIRM",
"url": "https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9"
},
{
"name": "[oss-security] 20140430 CVE request: possible miniupnpc buffer overflow",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/201"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1085618",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085618"
},
{
"name": "[oss-security] 20140606 Re: CVE request: possible miniupnpc buffer overflow",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/496"
}
]
}
}

140
2014/6xxx/CVE-2014-6705.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6705",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Maher Zain (aka com.vanagas.app.maher_zain) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#704729",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/704729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Maher Zain (aka com.vanagas.app.maher_zain) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#704729",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/704729"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6761.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#482089",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/482089"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#482089",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/482089"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7149.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7149",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7149",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/7xxx/CVE-2014-7196.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7196",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a duplicate of CVE-2014-7169. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-7169 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7196",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a duplicate of CVE-2014-7169. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-7169 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

140
2014/7xxx/CVE-2014-7650.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#174265",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/174265"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#174265",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/174265"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7795.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7795",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#859257",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/859257"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#859257",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/859257"
}
]
}
}

34
2014/8xxx/CVE-2014-8265.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8265",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8265",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2016/2xxx/CVE-2016-2214.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160203-01-agilecontroller-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160203-01-agilecontroller-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160203-01-agilecontroller-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160203-01-agilecontroller-en"
}
]
}
}

120
2016/2xxx/CVE-2016-2444.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-05-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
}
]
}
}

34
2016/2xxx/CVE-2016-2895.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2895",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2895",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/2xxx/CVE-2016-2932.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2932",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991882",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991882"
},
{
"name" : "IV89787",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89787"
},
{
"name" : "94983",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94983"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV89787",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89787"
},
{
"name": "94983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94983"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991882",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991882"
}
]
}
}

140
2016/6xxx/CVE-2016-6960.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6960",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93496"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}
}

170
2017/18xxx/CVE-2017-18078.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43935",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43935/"
},
{
"name" : "[oss-security] 20180129 CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/01/29/3"
},
{
"name" : "[oss-security] 20180129 Re: CVE-2017-18078: systemd-tmpfiles root privilege",
"refsource" : "MLIST",
"url" : "https://www.openwall.com/lists/oss-security/2018/01/29/4"
},
{
"name" : "https://github.com/systemd/systemd/issues/7736",
"refsource" : "MISC",
"url" : "https://github.com/systemd/systemd/issues/7736"
},
{
"name" : "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html"
},
{
"name" : "openSUSE-SU-2018:0560",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2018:0560",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html"
},
{
"name": "[oss-security] 20180129 CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/01/29/3"
},
{
"name": "43935",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43935/"
},
{
"name": "https://github.com/systemd/systemd/issues/7736",
"refsource": "MISC",
"url": "https://github.com/systemd/systemd/issues/7736"
},
{
"name": "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html"
},
{
"name": "[oss-security] 20180129 Re: CVE-2017-18078: systemd-tmpfiles root privilege",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2018/01/29/4"
}
]
}
}

170
2017/18xxx/CVE-2017-18221.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18221",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc"
},
{
"name" : "https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc"
},
{
"name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4",
"refsource" : "MISC",
"url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4"
},
{
"name" : "USN-3655-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3655-2/"
},
{
"name" : "USN-3655-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3655-1/"
},
{
"name" : "103321",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc"
},
{
"name": "USN-3655-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4",
"refsource": "MISC",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4"
},
{
"name": "USN-3655-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"name": "103321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103321"
}
]
}
}

120
2017/1xxx/CVE-2017-1103.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "4.0.7, 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "4.0.7, 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22002429",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22002429"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22002429",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002429"
}
]
}
}

388
2017/1xxx/CVE-2017-1540.json
View File

@ -1,196 +1,196 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-01-23T00:00:00",
"ID" : "CVE-2017-1540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational DOORS",
"version" : {
"version_data" : [
{
"version_value" : "9.5"
},
{
"version_value" : "9.5.0.1"
},
{
"version_value" : "9.5.1"
},
{
"version_value" : "9.5.1.1"
},
{
"version_value" : "9.5.1.2"
},
{
"version_value" : "9.5.2"
},
{
"version_value" : "9.5.2.1"
},
{
"version_value" : "9.6"
},
{
"version_value" : "9.5.0.2"
},
{
"version_value" : "9.5.0.3"
},
{
"version_value" : "9.5.1.3"
},
{
"version_value" : "9.5.1.4"
},
{
"version_value" : "9.5.2.2"
},
{
"version_value" : "9.5.2.3"
},
{
"version_value" : "9.6.0.1"
},
{
"version_value" : "9.6.0.2"
},
{
"version_value" : "9.6.1"
},
{
"version_value" : "9.6.1.1"
},
{
"version_value" : "9.5.0.4"
},
{
"version_value" : "9.5.1.5"
},
{
"version_value" : "9.5.2.4"
},
{
"version_value" : "9.6.0.3"
},
{
"version_value" : "9.6.1.2"
},
{
"version_value" : "9.6.1.3"
},
{
"version_value" : "9.6.1.4"
},
{
"version_value" : "9.5.0.5"
},
{
"version_value" : "9.5.1.6"
},
{
"version_value" : "9.5.2.5"
},
{
"version_value" : "9.6.0.4"
},
{
"version_value" : "9.5.0.6"
},
{
"version_value" : "9.5.1.7"
},
{
"version_value" : "9.5.2.6"
},
{
"version_value" : "9.6.0.5"
},
{
"version_value" : "9.6.1.5"
},
{
"version_value" : "9.6.1.6"
},
{
"version_value" : "9.6.1.7"
},
{
"version_value" : "9.5.0.7"
},
{
"version_value" : "9.5.1.8"
},
{
"version_value" : "9.5.2.7"
},
{
"version_value" : "9.6.0.6"
},
{
"version_value" : "9.6.1.8"
},
{
"version_value" : "9.6.1.9"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-23T00:00:00",
"ID": "CVE-2017-1540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational DOORS",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "9.5.0.1"
},
{
"version_value": "9.5.1"
},
{
"version_value": "9.5.1.1"
},
{
"version_value": "9.5.1.2"
},
{
"version_value": "9.5.2"
},
{
"version_value": "9.5.2.1"
},
{
"version_value": "9.6"
},
{
"version_value": "9.5.0.2"
},
{
"version_value": "9.5.0.3"
},
{
"version_value": "9.5.1.3"
},
{
"version_value": "9.5.1.4"
},
{
"version_value": "9.5.2.2"
},
{
"version_value": "9.5.2.3"
},
{
"version_value": "9.6.0.1"
},
{
"version_value": "9.6.0.2"
},
{
"version_value": "9.6.1"
},
{
"version_value": "9.6.1.1"
},
{
"version_value": "9.5.0.4"
},
{
"version_value": "9.5.1.5"
},
{
"version_value": "9.5.2.4"
},
{
"version_value": "9.6.0.3"
},
{
"version_value": "9.6.1.2"
},
{
"version_value": "9.6.1.3"
},
{
"version_value": "9.6.1.4"
},
{
"version_value": "9.5.0.5"
},
{
"version_value": "9.5.1.6"
},
{
"version_value": "9.5.2.5"
},
{
"version_value": "9.6.0.4"
},
{
"version_value": "9.5.0.6"
},
{
"version_value": "9.5.1.7"
},
{
"version_value": "9.5.2.6"
},
{
"version_value": "9.6.0.5"
},
{
"version_value": "9.6.1.5"
},
{
"version_value": "9.6.1.6"
},
{
"version_value": "9.6.1.7"
},
{
"version_value": "9.5.0.7"
},
{
"version_value": "9.5.1.8"
},
{
"version_value": "9.5.2.7"
},
{
"version_value": "9.6.0.6"
},
{
"version_value": "9.6.1.8"
},
{
"version_value": "9.6.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22012789",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012789"
},
{
"name" : "102890",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102890"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102890"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012789",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808"
}
]
}
}

34
2017/1xxx/CVE-2017-1971.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1971",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1971",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/5xxx/CVE-2017-5276.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5276",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5276",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2017/5xxx/CVE-2017-5507.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5507",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-5507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/16/6"
},
{
"name" : "[oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/17/5"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851382",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851382"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/blob/6.9.7-4/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/blob/6.9.7-4/ChangeLog"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/blob/7.0.4-4/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/blob/7.0.4-4/ChangeLog"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738"
},
{
"name" : "DSA-3799",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3799"
},
{
"name" : "GLSA-201702-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-09"
},
{
"name" : "95752",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95752"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/16/6"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851382",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851382"
},
{
"name": "GLSA-201702-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-09"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/blob/7.0.4-4/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/blob/7.0.4-4/ChangeLog"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738"
},
{
"name": "DSA-3799",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3799"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/blob/6.9.7-4/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/blob/6.9.7-4/ChangeLog"
},
{
"name": "[oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/17/5"
},
{
"name": "95752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95752"
}
]
}
}

150
2017/5xxx/CVE-2017-5538.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5538",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170119 CVE Request - Samsung Exynos GPU driver OOB read",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/19/3"
},
{
"name" : "[oss-security] 20170119 Re: CVE Request - Samsung Exynos GPU driver OOB read",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/20/2"
},
{
"name" : "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017",
"refsource" : "CONFIRM",
"url" : "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name" : "95674",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95674"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "[oss-security] 20170119 CVE Request - Samsung Exynos GPU driver OOB read",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/19/3"
},
{
"name": "[oss-security] 20170119 Re: CVE Request - Samsung Exynos GPU driver OOB read",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/2"
},
{
"name": "95674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95674"
}
]
}
}

140
2017/5xxx/CVE-2017-5613.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5613",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170128 Re: CVE request: cgiemail multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/28/8"
},
{
"name" : "https://news.cpanel.com/tsr-2017-0001-full-disclosure/",
"refsource" : "MISC",
"url" : "https://news.cpanel.com/tsr-2017-0001-full-disclosure/"
},
{
"name" : "95870",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95870"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95870"
},
{
"name": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/",
"refsource": "MISC",
"url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/"
},
{
"name": "[oss-security] 20170128 Re: CVE request: cgiemail multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/28/8"
}
]
}
}

130
2017/5xxx/CVE-2017-5632.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5632",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an \"nmap -O\" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/",
"refsource" : "MISC",
"url" : "https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/"
},
{
"name" : "95857",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an \"nmap -O\" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/"
},
{
"name": "95857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95857"
}
]
}
}