mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
d7fbf0629f
commit
94bbcb3f41
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-0144",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-0144",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20060109 New PEAR / Apache2Triad Exploit",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/421469/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "http://apache2triad.net/forums/viewtopic.php?p=14670",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://apache2triad.net/forums/viewtopic.php?p=14670"
|
||||
},
|
||||
{
|
||||
"name" : "16174",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/16174"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-0148",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/0148"
|
||||
},
|
||||
{
|
||||
"name" : "18390",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/18390"
|
||||
},
|
||||
{
|
||||
"name" : "gopear-proxy-redirection(24076)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24076"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2006-0148",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/0148"
|
||||
},
|
||||
{
|
||||
"name": "16174",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/16174"
|
||||
},
|
||||
{
|
||||
"name": "http://apache2triad.net/forums/viewtopic.php?p=14670",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://apache2triad.net/forums/viewtopic.php?p=14670"
|
||||
},
|
||||
{
|
||||
"name": "18390",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/18390"
|
||||
},
|
||||
{
|
||||
"name": "gopear-proxy-redirection(24076)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24076"
|
||||
},
|
||||
{
|
||||
"name": "20060109 New PEAR / Apache2Triad Exploit",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/421469/100/0/threaded"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-0197",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a \"long\" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-0197",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20060108 xorg server 6.8.2 and below on 64bit arch",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/421256/100/0/threaded"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a \"long\" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20060108 xorg server 6.8.2 and below on 64bit arch",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/421256/100/0/threaded"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,102 +1,102 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-0391",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-0391",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20060302 Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability",
|
||||
"refsource" : "IDEFENSE",
|
||||
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=399"
|
||||
},
|
||||
{
|
||||
"name" : "http://docs.info.apple.com/article.html?artnum=303382",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://docs.info.apple.com/article.html?artnum=303382"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2006-03-01",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name" : "TA06-062A",
|
||||
"refsource" : "CERT",
|
||||
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
|
||||
},
|
||||
{
|
||||
"name" : "16907",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/16907"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-0791",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/0791"
|
||||
},
|
||||
{
|
||||
"name" : "23641",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/23641"
|
||||
},
|
||||
{
|
||||
"name" : "19064",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/19064"
|
||||
},
|
||||
{
|
||||
"name" : "macosx-bom-directory-traversal(25023)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25023"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "23641",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/23641"
|
||||
},
|
||||
{
|
||||
"name": "macosx-bom-directory-traversal(25023)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25023"
|
||||
},
|
||||
{
|
||||
"name": "19064",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/19064"
|
||||
},
|
||||
{
|
||||
"name": "20060302 Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability",
|
||||
"refsource": "IDEFENSE",
|
||||
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=399"
|
||||
},
|
||||
{
|
||||
"name": "16907",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/16907"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-0791",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/0791"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2006-03-01",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name": "TA06-062A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
|
||||
},
|
||||
{
|
||||
"name": "http://docs.info.apple.com/article.html?artnum=303382",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://docs.info.apple.com/article.html?artnum=303382"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-0462",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-0462",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20060126 [eVuln] AndoNET Blog SQL Injection Vulnerability",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/423162"
|
||||
},
|
||||
{
|
||||
"name" : "http://evuln.com/vulns/50/summary.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://evuln.com/vulns/50/summary.html"
|
||||
},
|
||||
{
|
||||
"name" : "16393",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/16393"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-0327",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/0327"
|
||||
},
|
||||
{
|
||||
"name" : "22755",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/22755"
|
||||
},
|
||||
{
|
||||
"name" : "18633",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/18633"
|
||||
},
|
||||
{
|
||||
"name" : "377",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/377"
|
||||
},
|
||||
{
|
||||
"name" : "andonetblog-index-sql-injection(24309)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24309"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "16393",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/16393"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-0327",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/0327"
|
||||
},
|
||||
{
|
||||
"name": "22755",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/22755"
|
||||
},
|
||||
{
|
||||
"name": "andonetblog-index-sql-injection(24309)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24309"
|
||||
},
|
||||
{
|
||||
"name": "http://evuln.com/vulns/50/summary.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://evuln.com/vulns/50/summary.html"
|
||||
},
|
||||
{
|
||||
"name": "20060126 [eVuln] AndoNET Blog SQL Injection Vulnerability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/423162"
|
||||
},
|
||||
{
|
||||
"name": "377",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/377"
|
||||
},
|
||||
{
|
||||
"name": "18633",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/18633"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-0506",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-0506",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20060130 Nuked-klaN Cross-Site Scripting Vulnerability",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/423454/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "16424",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/16424"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-0387",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/0387"
|
||||
},
|
||||
{
|
||||
"name" : "22805",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/22805"
|
||||
},
|
||||
{
|
||||
"name" : "18670",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/18670"
|
||||
},
|
||||
{
|
||||
"name" : "385",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/385"
|
||||
},
|
||||
{
|
||||
"name" : "nukedklan-index-xss(24387)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24387"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "22805",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/22805"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-0387",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/0387"
|
||||
},
|
||||
{
|
||||
"name": "385",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/385"
|
||||
},
|
||||
{
|
||||
"name": "16424",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/16424"
|
||||
},
|
||||
{
|
||||
"name": "18670",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/18670"
|
||||
},
|
||||
{
|
||||
"name": "20060130 Nuked-klaN Cross-Site Scripting Vulnerability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/423454/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "nukedklan-index-xss(24387)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24387"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-3026",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in gallery.asp and (2) parentcurrentpage parameter in view_gallery.asp."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-3026",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://pridels0.blogspot.com/2006/06/clickgallery-vuln.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://pridels0.blogspot.com/2006/06/clickgallery-vuln.html"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-2315",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/2315"
|
||||
},
|
||||
{
|
||||
"name" : "20614",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/20614"
|
||||
},
|
||||
{
|
||||
"name" : "clickgallery-gallery-viewgallery-xss(27037)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27037"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in gallery.asp and (2) parentcurrentpage parameter in view_gallery.asp."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://pridels0.blogspot.com/2006/06/clickgallery-vuln.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://pridels0.blogspot.com/2006/06/clickgallery-vuln.html"
|
||||
},
|
||||
{
|
||||
"name": "clickgallery-gallery-viewgallery-xss(27037)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27037"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-2315",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/2315"
|
||||
},
|
||||
{
|
||||
"name": "20614",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/20614"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-3194",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gallery and (2) template parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-3194",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20060618 singapore gallery <= 0.10.0 Multiple Vulnerabilities",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/437716/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "18518",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/18518"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-2457",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/2457"
|
||||
},
|
||||
{
|
||||
"name" : "20724",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/20724"
|
||||
},
|
||||
{
|
||||
"name" : "1135",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/1135"
|
||||
},
|
||||
{
|
||||
"name" : "singapore-index-directory-traversal(27325)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27325"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gallery and (2) template parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "18518",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/18518"
|
||||
},
|
||||
{
|
||||
"name": "singapore-index-directory-traversal(27325)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27325"
|
||||
},
|
||||
{
|
||||
"name": "20724",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/20724"
|
||||
},
|
||||
{
|
||||
"name": "1135",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/1135"
|
||||
},
|
||||
{
|
||||
"name": "20060618 singapore gallery <= 0.10.0 Multiple Vulnerabilities",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/437716/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-2457",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/2457"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-3236",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-3236",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://pridels0.blogspot.com/2006/06/thinkwms-sql-injection-vuln.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://pridels0.blogspot.com/2006/06/thinkwms-sql-injection-vuln.html"
|
||||
},
|
||||
{
|
||||
"name" : "18567",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/18567"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-2470",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/2470"
|
||||
},
|
||||
{
|
||||
"name" : "26742",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/26742"
|
||||
},
|
||||
{
|
||||
"name" : "26743",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/26743"
|
||||
},
|
||||
{
|
||||
"name" : "1016355",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1016355"
|
||||
},
|
||||
{
|
||||
"name" : "20747",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/20747"
|
||||
},
|
||||
{
|
||||
"name" : "thinkwms-printarticle-sql-injection(27270)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27270"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "26743",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/26743"
|
||||
},
|
||||
{
|
||||
"name": "18567",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/18567"
|
||||
},
|
||||
{
|
||||
"name": "thinkwms-printarticle-sql-injection(27270)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27270"
|
||||
},
|
||||
{
|
||||
"name": "26742",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/26742"
|
||||
},
|
||||
{
|
||||
"name": "1016355",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1016355"
|
||||
},
|
||||
{
|
||||
"name": "20747",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/20747"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-2470",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/2470"
|
||||
},
|
||||
{
|
||||
"name": "http://pridels0.blogspot.com/2006/06/thinkwms-sql-injection-vuln.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://pridels0.blogspot.com/2006/06/thinkwms-sql-injection-vuln.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-3640",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka \"Window Location Information Disclosure Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2006-3640",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS06-042",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
|
||||
},
|
||||
{
|
||||
"name" : "19339",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/19339"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-3212",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/3212"
|
||||
},
|
||||
{
|
||||
"name" : "27850",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/27850"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:171",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171"
|
||||
},
|
||||
{
|
||||
"name" : "1016663",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1016663"
|
||||
},
|
||||
{
|
||||
"name" : "21396",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/21396"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka \"Window Location Information Disclosure Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1016663",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1016663"
|
||||
},
|
||||
{
|
||||
"name": "MS06-042",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:171",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A171"
|
||||
},
|
||||
{
|
||||
"name": "19339",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/19339"
|
||||
},
|
||||
{
|
||||
"name": "21396",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/21396"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-3212",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/3212"
|
||||
},
|
||||
{
|
||||
"name": "27850",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/27850"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,117 +1,117 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-3711",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-3711",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
|
||||
},
|
||||
{
|
||||
"name" : "HPSBMA02133",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "SSRT061201",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "TA06-200A",
|
||||
"refsource" : "CERT",
|
||||
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
|
||||
},
|
||||
{
|
||||
"name" : "19054",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/19054"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-2863",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/2863"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-2947",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/2947"
|
||||
},
|
||||
{
|
||||
"name" : "1016529",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1016529"
|
||||
},
|
||||
{
|
||||
"name" : "21111",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/21111"
|
||||
},
|
||||
{
|
||||
"name" : "21165",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/21165"
|
||||
},
|
||||
{
|
||||
"name" : "oracle-cpu-july-2006(27897)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1016529",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1016529"
|
||||
},
|
||||
{
|
||||
"name": "19054",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/19054"
|
||||
},
|
||||
{
|
||||
"name": "oracle-cpu-july-2006(27897)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
|
||||
},
|
||||
{
|
||||
"name": "21165",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/21165"
|
||||
},
|
||||
{
|
||||
"name": "HPSBMA02133",
|
||||
"refsource": "HP",
|
||||
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-2947",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/2947"
|
||||
},
|
||||
{
|
||||
"name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
|
||||
},
|
||||
{
|
||||
"name": "SSRT061201",
|
||||
"refsource": "HP",
|
||||
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
|
||||
},
|
||||
{
|
||||
"name": "TA06-200A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
|
||||
},
|
||||
{
|
||||
"name": "21111",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/21111"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-2863",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/2863"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,107 +1,107 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-3961",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-3961",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20060807 [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.eeye.com/html/research/upcoming/20060719.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.eeye.com/html/research/upcoming/20060719.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.eeye.com/html/research/advisories/AD2006807.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.eeye.com/html/research/advisories/AD2006807.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://ts.mcafeehelp.com/faq3.asp?docid=407052",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
|
||||
},
|
||||
{
|
||||
"name" : "VU#481212",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/481212"
|
||||
},
|
||||
{
|
||||
"name" : "19265",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/19265"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-3096",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/3096"
|
||||
},
|
||||
{
|
||||
"name" : "27698",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/27698"
|
||||
},
|
||||
{
|
||||
"name" : "1016614",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1016614"
|
||||
},
|
||||
{
|
||||
"name" : "21264",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/21264"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "19265",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/19265"
|
||||
},
|
||||
{
|
||||
"name": "http://www.eeye.com/html/research/upcoming/20060719.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.eeye.com/html/research/upcoming/20060719.html"
|
||||
},
|
||||
{
|
||||
"name": "1016614",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1016614"
|
||||
},
|
||||
{
|
||||
"name": "20060807 [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
|
||||
},
|
||||
{
|
||||
"name": "27698",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/27698"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-3096",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/3096"
|
||||
},
|
||||
{
|
||||
"name": "http://www.eeye.com/html/research/advisories/AD2006807.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
|
||||
},
|
||||
{
|
||||
"name": "http://ts.mcafeehelp.com/faq3.asp?docid=407052",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
|
||||
},
|
||||
{
|
||||
"name": "21264",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/21264"
|
||||
},
|
||||
{
|
||||
"name": "VU#481212",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/481212"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-4101",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-4101",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-4849",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-4849",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "2383",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/2383"
|
||||
},
|
||||
{
|
||||
"name" : "20070414 true until installed: MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities",
|
||||
"refsource" : "VIM",
|
||||
"url" : "http://attrition.org/pipermail/vim/2007-April/001523.html"
|
||||
},
|
||||
{
|
||||
"name" : "20078",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/20078"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2006-3656",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2006/3656"
|
||||
},
|
||||
{
|
||||
"name" : "28920",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/28920"
|
||||
},
|
||||
{
|
||||
"name" : "21951",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/21951"
|
||||
},
|
||||
{
|
||||
"name" : "mobilepublisher-header-file-include(28969)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28969"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "21951",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/21951"
|
||||
},
|
||||
{
|
||||
"name": "mobilepublisher-header-file-include(28969)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28969"
|
||||
},
|
||||
{
|
||||
"name": "20078",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/20078"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2006-3656",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2006/3656"
|
||||
},
|
||||
{
|
||||
"name": "20070414 true until installed: MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities",
|
||||
"refsource": "VIM",
|
||||
"url": "http://attrition.org/pipermail/vim/2007-April/001523.html"
|
||||
},
|
||||
{
|
||||
"name": "28920",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/28920"
|
||||
},
|
||||
{
|
||||
"name": "2383",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/2383"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2006-7251",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2006-7251",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-2097",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2010-2097",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html"
|
||||
},
|
||||
{
|
||||
"name" : "HPSBOV02763",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "SSRT100826",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SR:2010:017",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SR:2010:018",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html"
|
||||
},
|
||||
{
|
||||
"name": "HPSBOV02763",
|
||||
"refsource": "HP",
|
||||
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
|
||||
},
|
||||
{
|
||||
"name": "http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html"
|
||||
},
|
||||
{
|
||||
"name": "SSRT100826",
|
||||
"refsource": "HP",
|
||||
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SR:2010:017",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name": "http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SR:2010:018",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-2377",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.27 and 8.50.10 allows remote authenticated users to affect integrity via unknown vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert_us@oracle.com",
|
||||
"ID": "CVE-2010-2377",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.27 and 8.50.10 allows remote authenticated users to affect integrity via unknown vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-2403",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft and JDEdwards Suite Campus Solutions 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert_us@oracle.com",
|
||||
"ID": "CVE-2010-2403",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft and JDEdwards Suite Campus Solutions 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,112 +1,112 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-2632",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2010-2632",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)",
|
||||
"refsource" : "SREASONRES",
|
||||
"url" : "http://securityreason.com/achievement_securityalert/89"
|
||||
},
|
||||
{
|
||||
"name" : "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion",
|
||||
"refsource" : "SREASONRES",
|
||||
"url" : "http://securityreason.com/achievement_securityalert/97"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.avaya.com/css/P8/documents/100127892",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.avaya.com/css/P8/documents/100127892"
|
||||
},
|
||||
{
|
||||
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598"
|
||||
},
|
||||
{
|
||||
"name" : "1024975",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1024975"
|
||||
},
|
||||
{
|
||||
"name" : "42984",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/42984"
|
||||
},
|
||||
{
|
||||
"name" : "43433",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/43433"
|
||||
},
|
||||
{
|
||||
"name" : "55212",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/55212"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2011-0151",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2011/0151"
|
||||
},
|
||||
{
|
||||
"name" : "solaris-ftp-dos(64798)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64798"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "55212",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/55212"
|
||||
},
|
||||
{
|
||||
"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)",
|
||||
"refsource": "SREASONRES",
|
||||
"url": "http://securityreason.com/achievement_securityalert/89"
|
||||
},
|
||||
{
|
||||
"name": "43433",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/43433"
|
||||
},
|
||||
{
|
||||
"name": "solaris-ftp-dos(64798)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64798"
|
||||
},
|
||||
{
|
||||
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598"
|
||||
},
|
||||
{
|
||||
"name": "42984",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/42984"
|
||||
},
|
||||
{
|
||||
"name": "https://support.avaya.com/css/P8/documents/100127892",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.avaya.com/css/P8/documents/100127892"
|
||||
},
|
||||
{
|
||||
"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion",
|
||||
"refsource": "SREASONRES",
|
||||
"url": "http://securityreason.com/achievement_securityalert/97"
|
||||
},
|
||||
{
|
||||
"name": "1024975",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1024975"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2011-0151",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2011/0151"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-2892",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2010-2892",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20101110 CORE-2010-1018 - Landesk OS command injection",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/514728/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "15488",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "http://www.exploit-db.com/exploits/15488"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability"
|
||||
},
|
||||
{
|
||||
"name" : "http://community.landesk.com/support/docs/DOC-21767",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://community.landesk.com/support/docs/DOC-21767"
|
||||
},
|
||||
{
|
||||
"name" : "44781",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/44781"
|
||||
},
|
||||
{
|
||||
"name" : "1024728",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1024728"
|
||||
},
|
||||
{
|
||||
"name" : "42188",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/42188"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-2957",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/2957"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20101110 CORE-2010-1018 - Landesk OS command injection",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/514728/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "1024728",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1024728"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-2957",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/2957"
|
||||
},
|
||||
{
|
||||
"name": "42188",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/42188"
|
||||
},
|
||||
{
|
||||
"name": "http://community.landesk.com/support/docs/DOC-21767",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://community.landesk.com/support/docs/DOC-21767"
|
||||
},
|
||||
{
|
||||
"name": "http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability"
|
||||
},
|
||||
{
|
||||
"name": "44781",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/44781"
|
||||
},
|
||||
{
|
||||
"name": "15488",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "http://www.exploit-db.com/exploits/15488"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-2952",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2010-2952",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20100908 Medium security flaw in Apache Traffic Server",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/513598/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc"
|
||||
},
|
||||
{
|
||||
"name" : "http://trafficserver.apache.org/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://trafficserver.apache.org/"
|
||||
},
|
||||
{
|
||||
"name" : "https://issues.apache.org/jira/browse/TS-425",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://issues.apache.org/jira/browse/TS-425"
|
||||
},
|
||||
{
|
||||
"name" : "43111",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/43111"
|
||||
},
|
||||
{
|
||||
"name" : "1024417",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1024417"
|
||||
},
|
||||
{
|
||||
"name" : "41356",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/41356"
|
||||
},
|
||||
{
|
||||
"name" : "apache-traffic-cache-poisoing(61721)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61721"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "43111",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/43111"
|
||||
},
|
||||
{
|
||||
"name": "https://issues.apache.org/jira/browse/TS-425",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://issues.apache.org/jira/browse/TS-425"
|
||||
},
|
||||
{
|
||||
"name": "41356",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/41356"
|
||||
},
|
||||
{
|
||||
"name": "http://www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc"
|
||||
},
|
||||
{
|
||||
"name": "apache-traffic-cache-poisoing(61721)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61721"
|
||||
},
|
||||
{
|
||||
"name": "1024417",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1024417"
|
||||
},
|
||||
{
|
||||
"name": "http://trafficserver.apache.org/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://trafficserver.apache.org/"
|
||||
},
|
||||
{
|
||||
"name": "20100908 Medium security flaw in Apache Traffic Server",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/513598/100/0/threaded"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-3714",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2010-3714",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "15856",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "http://www.exploit-db.com/exploits/15856"
|
||||
},
|
||||
{
|
||||
"name" : "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-2121",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2010/dsa-2121"
|
||||
},
|
||||
{
|
||||
"name" : "43786",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/43786"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "43786",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/43786"
|
||||
},
|
||||
{
|
||||
"name": "15856",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "http://www.exploit-db.com/exploits/15856"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2121",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2010/dsa-2121"
|
||||
},
|
||||
{
|
||||
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
|
||||
},
|
||||
{
|
||||
"name": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,107 +1,107 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-3786",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2010-3786",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20101111 Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability",
|
||||
"refsource" : "IDEFENSE",
|
||||
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=881"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4435",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4435"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4456",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4456"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT5004",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT5004"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2010-11-10-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2010-11-22-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2011-10-12-6",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name" : "1024723",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1024723"
|
||||
},
|
||||
{
|
||||
"name" : "42314",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/42314"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-3046",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/3046"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1024723",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1024723"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4435",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4435"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-3046",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/3046"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2010-11-10-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name": "20101111 Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability",
|
||||
"refsource": "IDEFENSE",
|
||||
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=881"
|
||||
},
|
||||
{
|
||||
"name": "42314",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/42314"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4456",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4456"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT5004",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT5004"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2010-11-22-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2011-10-12-6",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00006.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2010-3926",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "vultures@jpcert.or.jp",
|
||||
"ID": "CVE-2010-3926",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://wb-i.net/soft1.HTML",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://wb-i.net/soft1.HTML"
|
||||
},
|
||||
{
|
||||
"name" : "JVN#86347943",
|
||||
"refsource" : "JVN",
|
||||
"url" : "http://jvn.jp/jp/JVN86347943/index.html"
|
||||
},
|
||||
{
|
||||
"name" : "JVNDB-2011-000002",
|
||||
"refsource" : "JVNDB",
|
||||
"url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000002.html"
|
||||
},
|
||||
{
|
||||
"name" : "45752",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/45752"
|
||||
},
|
||||
{
|
||||
"name" : "70410",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/70410"
|
||||
},
|
||||
{
|
||||
"name" : "42857",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/42857"
|
||||
},
|
||||
{
|
||||
"name" : "sgxsp-shop-xss(64593)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64593"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "70410",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/70410"
|
||||
},
|
||||
{
|
||||
"name": "42857",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/42857"
|
||||
},
|
||||
{
|
||||
"name": "http://wb-i.net/soft1.HTML",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://wb-i.net/soft1.HTML"
|
||||
},
|
||||
{
|
||||
"name": "sgxsp-shop-xss(64593)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64593"
|
||||
},
|
||||
{
|
||||
"name": "45752",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/45752"
|
||||
},
|
||||
{
|
||||
"name": "JVNDB-2011-000002",
|
||||
"refsource": "JVNDB",
|
||||
"url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000002.html"
|
||||
},
|
||||
{
|
||||
"name": "JVN#86347943",
|
||||
"refsource": "JVN",
|
||||
"url": "http://jvn.jp/jp/JVN86347943/index.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2011-0141",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2011-0141",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4554",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4554"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4564",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4564"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT4566",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT4566"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2011-03-02-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2011-03-09-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2011-03-09-2",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:16730",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16730"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4564",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4564"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4566",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4566"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2011-03-02-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2011-03-09-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT4554",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT4554"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2011-03-09-2",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:16730",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16730"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2011-1209",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a \"decryption attack.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2011-1209",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24029632",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24029632"
|
||||
},
|
||||
{
|
||||
"name" : "PM34841",
|
||||
"refsource" : "AIXAPAR",
|
||||
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM34841"
|
||||
},
|
||||
{
|
||||
"name" : "was-xmlencryption-weak-security(67115)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67115"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a \"decryption attack.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "was-xmlencryption-weak-security(67115)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67115"
|
||||
},
|
||||
{
|
||||
"name": "PM34841",
|
||||
"refsource": "AIXAPAR",
|
||||
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM34841"
|
||||
},
|
||||
{
|
||||
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24029632",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24029632"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2011-1267",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka \"SMB Request Parsing Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2011-1267",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS11-048",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-048"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:12654",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12654"
|
||||
},
|
||||
{
|
||||
"name" : "ms-win-smbrequest-dos(67724)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67724"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka \"SMB Request Parsing Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ms-win-smbrequest-dos(67724)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67724"
|
||||
},
|
||||
{
|
||||
"name": "MS11-048",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-048"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:12654",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12654"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2011-1452",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2011-1452",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://code.google.com/p/chromium/issues/detail?id=77786",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://code.google.com/p/chromium/issues/detail?id=77786"
|
||||
},
|
||||
{
|
||||
"name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:14759",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14759"
|
||||
},
|
||||
{
|
||||
"name" : "chrome-manual-reload-spoofing(67159)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67159"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:14759",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14759"
|
||||
},
|
||||
{
|
||||
"name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
|
||||
},
|
||||
{
|
||||
"name": "chrome-manual-reload-spoofing(67159)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67159"
|
||||
},
|
||||
{
|
||||
"name": "http://code.google.com/p/chromium/issues/detail?id=77786",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://code.google.com/p/chromium/issues/detail?id=77786"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2011-1616",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2011-1616",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2011-1630",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2011-1630",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2011-1892",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2011-1892",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS11-074",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
|
||||
},
|
||||
{
|
||||
"name" : "TA11-256A",
|
||||
"refsource" : "CERT",
|
||||
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:12907",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907"
|
||||
},
|
||||
{
|
||||
"name" : "8386",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/8386"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "MS11-074",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
|
||||
},
|
||||
{
|
||||
"name": "8386",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/8386"
|
||||
},
|
||||
{
|
||||
"name": "TA11-256A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:12907",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,192 +1,192 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2011-1910",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2011-1910",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=708301",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=708301"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.isc.org/software/bind/advisories/cve-2011-1910",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www.isc.org/software/bind/advisories/cve-2011-1910"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.apple.com/kb/HT5002",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/kb/HT5002"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2011-10-12-3",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-2244",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2011/dsa-2244"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2011-7617",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061082.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2011-7602",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061401.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2011-7621",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061405.html"
|
||||
},
|
||||
{
|
||||
"name" : "FreeBSD-SA-11:02",
|
||||
"refsource" : "FREEBSD",
|
||||
"url" : "http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc"
|
||||
},
|
||||
{
|
||||
"name" : "HPSBUX03235",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=142180687100892&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "SSRT101750",
|
||||
"refsource" : "HP",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=142180687100892&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "MDVSA-2011:104",
|
||||
"refsource" : "MANDRIVA",
|
||||
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:104"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2011:0845",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0845.html"
|
||||
},
|
||||
{
|
||||
"name" : "SSA:2011-147-01",
|
||||
"refsource" : "SLACKWARE",
|
||||
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.685026"
|
||||
},
|
||||
{
|
||||
"name" : "openSUSE-SU-2011:0603",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "https://hermes.opensuse.org/messages/8699912"
|
||||
},
|
||||
{
|
||||
"name" : "VU#795694",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/795694"
|
||||
},
|
||||
{
|
||||
"name" : "48007",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/48007"
|
||||
},
|
||||
{
|
||||
"name" : "72540",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/72540"
|
||||
},
|
||||
{
|
||||
"name" : "1025572",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1025572"
|
||||
},
|
||||
{
|
||||
"name" : "44719",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/44719"
|
||||
},
|
||||
{
|
||||
"name" : "44741",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/44741"
|
||||
},
|
||||
{
|
||||
"name" : "44744",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/44744"
|
||||
},
|
||||
{
|
||||
"name" : "44758",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/44758"
|
||||
},
|
||||
{
|
||||
"name" : "44762",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/44762"
|
||||
},
|
||||
{
|
||||
"name" : "44677",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/44677"
|
||||
},
|
||||
{
|
||||
"name" : "44783",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/44783"
|
||||
},
|
||||
{
|
||||
"name" : "44929",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/44929"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "VU#795694",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/795694"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2011:104",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:104"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=708301",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=708301"
|
||||
},
|
||||
{
|
||||
"name": "44677",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44677"
|
||||
},
|
||||
{
|
||||
"name": "48007",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/48007"
|
||||
},
|
||||
{
|
||||
"name": "HPSBUX03235",
|
||||
"refsource": "HP",
|
||||
"url": "http://marc.info/?l=bugtraq&m=142180687100892&w=2"
|
||||
},
|
||||
{
|
||||
"name": "44929",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44929"
|
||||
},
|
||||
{
|
||||
"name": "SSA:2011-147-01",
|
||||
"refsource": "SLACKWARE",
|
||||
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.685026"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2011:0603",
|
||||
"refsource": "SUSE",
|
||||
"url": "https://hermes.opensuse.org/messages/8699912"
|
||||
},
|
||||
{
|
||||
"name": "44783",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44783"
|
||||
},
|
||||
{
|
||||
"name": "44719",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44719"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2244",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2011/dsa-2244"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2011-7621",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061405.html"
|
||||
},
|
||||
{
|
||||
"name": "72540",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/72540"
|
||||
},
|
||||
{
|
||||
"name": "44741",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44741"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2011-10-12-3",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name": "FreeBSD-SA-11:02",
|
||||
"refsource": "FREEBSD",
|
||||
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2011:0845",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2011-0845.html"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2011-7602",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061401.html"
|
||||
},
|
||||
{
|
||||
"name": "44744",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44744"
|
||||
},
|
||||
{
|
||||
"name": "https://www.isc.org/software/bind/advisories/cve-2011-1910",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.isc.org/software/bind/advisories/cve-2011-1910"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/kb/HT5002",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/kb/HT5002"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2011-7617",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061082.html"
|
||||
},
|
||||
{
|
||||
"name": "SSRT101750",
|
||||
"refsource": "HP",
|
||||
"url": "http://marc.info/?l=bugtraq&m=142180687100892&w=2"
|
||||
},
|
||||
{
|
||||
"name": "44762",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44762"
|
||||
},
|
||||
{
|
||||
"name": "44758",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/44758"
|
||||
},
|
||||
{
|
||||
"name": "1025572",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1025572"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2011-5026",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2011-5026",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "18290",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "http://www.exploit-db.com/exploits/18290"
|
||||
},
|
||||
{
|
||||
"name" : "http://code.google.com/p/winn-guestbook/issues/detail?id=34",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://code.google.com/p/winn-guestbook/issues/detail?id=34"
|
||||
},
|
||||
{
|
||||
"name" : "78070",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/78070"
|
||||
},
|
||||
{
|
||||
"name" : "47391",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/47391"
|
||||
},
|
||||
{
|
||||
"name" : "winnguestbook-functions-xss(72025)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72025"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "winnguestbook-functions-xss(72025)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72025"
|
||||
},
|
||||
{
|
||||
"name": "http://code.google.com/p/winn-guestbook/issues/detail?id=34",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://code.google.com/p/winn-guestbook/issues/detail?id=34"
|
||||
},
|
||||
{
|
||||
"name": "78070",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/78070"
|
||||
},
|
||||
{
|
||||
"name": "18290",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "http://www.exploit-db.com/exploits/18290"
|
||||
},
|
||||
{
|
||||
"name": "47391",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/47391"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-3053",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"ID": "CVE-2014-3053",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676700",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676700"
|
||||
},
|
||||
{
|
||||
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676389",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676389"
|
||||
},
|
||||
{
|
||||
"name" : "IV61557",
|
||||
"refsource" : "AIXAPAR",
|
||||
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557"
|
||||
},
|
||||
{
|
||||
"name" : "68132",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/68132"
|
||||
},
|
||||
{
|
||||
"name" : "59438",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/59438"
|
||||
},
|
||||
{
|
||||
"name" : "59381",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/59381"
|
||||
},
|
||||
{
|
||||
"name" : "ibm-isam-cve20143053-credentials(93501)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93501"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ibm-isam-cve20143053-credentials(93501)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93501"
|
||||
},
|
||||
{
|
||||
"name": "59381",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59381"
|
||||
},
|
||||
{
|
||||
"name": "IV61557",
|
||||
"refsource": "AIXAPAR",
|
||||
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557"
|
||||
},
|
||||
{
|
||||
"name": "59438",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59438"
|
||||
},
|
||||
{
|
||||
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700"
|
||||
},
|
||||
{
|
||||
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389"
|
||||
},
|
||||
{
|
||||
"name": "68132",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/68132"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,122 +1,122 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-3583",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3583",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://httpd.apache.org/security/vulnerabilities_24.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://httpd.apache.org/security/vulnerabilities_24.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1638818",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1638818"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163555",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163555"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/kb/HT205031",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/kb/HT205031"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT205219",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT205219"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2015-08-13-2",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2015-09-16-4",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-201701-36",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "https://security.gentoo.org/glsa/201701-36"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2015:1855",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1855.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2015:1858",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2015:1858"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2523-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2523-1"
|
||||
},
|
||||
{
|
||||
"name" : "71657",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/71657"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://httpd.apache.org/security/vulnerabilities_24.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163555",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163555"
|
||||
},
|
||||
{
|
||||
"name": "USN-2523-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2523-1"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
|
||||
},
|
||||
{
|
||||
"name": "http://svn.apache.org/viewvc?view=revision&revision=1638818",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://svn.apache.org/viewvc?view=revision&revision=1638818"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2015-08-13-2",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:1855",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-1855.html"
|
||||
},
|
||||
{
|
||||
"name": "71657",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/71657"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/kb/HT205031",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/kb/HT205031"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2015-09-16-4",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:1858",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:1858"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT205219",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT205219"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201701-36",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201701-36"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-3717",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2014-3717",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20140514 Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2014/05/14/4"
|
||||
},
|
||||
{
|
||||
"name" : "[oss-security] 20140515 Re: Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2014/05/15/6"
|
||||
},
|
||||
{
|
||||
"name" : "[oss-security] 20140516 Xen Security Advisory 95 (CVE-2014-3714,CVE-2014-3715,CVE-2014-3716,CVE-2014-3717) - input handling vulnerabilities loading guest kernel on ARM",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2014/05/16/1"
|
||||
},
|
||||
{
|
||||
"name" : "http://xenbits.xen.org/xsa/advisory-95.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://xenbits.xen.org/xsa/advisory-95.html"
|
||||
},
|
||||
{
|
||||
"name" : "1030252",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1030252"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://xenbits.xen.org/xsa/advisory-95.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://xenbits.xen.org/xsa/advisory-95.html"
|
||||
},
|
||||
{
|
||||
"name": "1030252",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1030252"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20140514 Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/4"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20140516 Xen Security Advisory 95 (CVE-2014-3714,CVE-2014-3715,CVE-2014-3716,CVE-2014-3717) - input handling vulnerabilities loading guest kernel on ARM",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/05/16/1"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20140515 Re: Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/6"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-6668",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The African Radios Live (aka com.nana.africanradioslive) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2014-6668",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
|
||||
},
|
||||
{
|
||||
"name" : "VU#207001",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/207001"
|
||||
},
|
||||
{
|
||||
"name" : "VU#582497",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/582497"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The African Radios Live (aka com.nana.africanradioslive) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "VU#582497",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/582497"
|
||||
},
|
||||
{
|
||||
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
|
||||
"refsource": "MISC",
|
||||
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
|
||||
},
|
||||
{
|
||||
"name": "VU#207001",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/207001"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-6938",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The Apostilas musicais (aka com.apostilas) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2014-6938",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
|
||||
},
|
||||
{
|
||||
"name" : "VU#242289",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/242289"
|
||||
},
|
||||
{
|
||||
"name" : "VU#582497",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/582497"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Apostilas musicais (aka com.apostilas) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "VU#242289",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/242289"
|
||||
},
|
||||
{
|
||||
"name": "VU#582497",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/582497"
|
||||
},
|
||||
{
|
||||
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
|
||||
"refsource": "MISC",
|
||||
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-7004",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The PETA (aka com.peta.android) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2014-7004",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
|
||||
},
|
||||
{
|
||||
"name" : "VU#582497",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/582497"
|
||||
},
|
||||
{
|
||||
"name" : "VU#896833",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/896833"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The PETA (aka com.peta.android) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "VU#582497",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/582497"
|
||||
},
|
||||
{
|
||||
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
|
||||
"refsource": "MISC",
|
||||
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
|
||||
},
|
||||
{
|
||||
"name": "VU#896833",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/896833"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-7577",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The B&H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2014-7577",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
|
||||
},
|
||||
{
|
||||
"name" : "VU#177521",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/177521"
|
||||
},
|
||||
{
|
||||
"name" : "VU#582497",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/582497"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The B&H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "VU#177521",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/177521"
|
||||
},
|
||||
{
|
||||
"name": "VU#582497",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/582497"
|
||||
},
|
||||
{
|
||||
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
|
||||
"refsource": "MISC",
|
||||
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-7786",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The English Football Magazine (aka com.magzter.englishfootball) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2014-7786",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
|
||||
},
|
||||
{
|
||||
"name" : "VU#510249",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/510249"
|
||||
},
|
||||
{
|
||||
"name" : "VU#582497",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/582497"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The English Football Magazine (aka com.magzter.englishfootball) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "VU#510249",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/510249"
|
||||
},
|
||||
{
|
||||
"name": "VU#582497",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/582497"
|
||||
},
|
||||
{
|
||||
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
|
||||
"refsource": "MISC",
|
||||
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-7965",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2014-7965",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-8072",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2014-8072",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.html"
|
||||
},
|
||||
{
|
||||
"name" : "70664",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/70664"
|
||||
},
|
||||
{
|
||||
"name" : "openmrs-cve20148072-access-bypass(97693)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97693"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.html"
|
||||
},
|
||||
{
|
||||
"name": "openmrs-cve20148072-access-bypass(97693)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97693"
|
||||
},
|
||||
{
|
||||
"name": "70664",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/70664"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-8345",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2014-8345",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-8824",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2014-8824",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://support.apple.com/HT204244",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.apple.com/HT204244"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2015-01-27-4",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name" : "1031650",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1031650"
|
||||
},
|
||||
{
|
||||
"name" : "macosx-cve20148824-priv-esc(100516)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100516"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1031650",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1031650"
|
||||
},
|
||||
{
|
||||
"name": "http://support.apple.com/HT204244",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.apple.com/HT204244"
|
||||
},
|
||||
{
|
||||
"name": "macosx-cve20148824-priv-esc(100516)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100516"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2015-01-27-4",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,122 +1,122 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2014-8891",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"ID": "CVE-2014-8891",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1189142",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1189142"
|
||||
},
|
||||
{
|
||||
"name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2015:0136",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0136.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2015:0264",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SU-2015:0304",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SU-2015:0306",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SU-2015:0343",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SU-2015:0344",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SU-2015:0345",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SU-2015:0376",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SU-2015:0392",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SU-2015:1073",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0136",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0136.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2015:0376",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0264",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2015:0392",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2015:0345",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2015:0343",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html"
|
||||
},
|
||||
{
|
||||
"name": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2015:0306",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2015:1073",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2015:0344",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1189142",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189142"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2015:0304",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-2015",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2016-2015",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
|
||||
},
|
||||
{
|
||||
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
|
||||
},
|
||||
{
|
||||
"name" : "1035775",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1035775"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
|
||||
},
|
||||
{
|
||||
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
|
||||
},
|
||||
{
|
||||
"name": "1035775",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1035775"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-2711",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2016-2711",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-2780",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2016-2780",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160302-01-utps-en",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160302-01-utps-en"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160302-01-utps-en",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160302-01-utps-en"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2016-6476",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2016-6476",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-18099",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-18099",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,94 +1,94 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "psirt@us.ibm.com",
|
||||
"DATE_PUBLIC" : "2017-06-26T00:00:00",
|
||||
"ID" : "CVE-2017-1106",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Cram Social Program Management",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "6.0.4"
|
||||
},
|
||||
{
|
||||
"version_value" : "6.0.5"
|
||||
},
|
||||
{
|
||||
"version_value" : "6.0"
|
||||
},
|
||||
{
|
||||
"version_value" : "5.2"
|
||||
},
|
||||
{
|
||||
"version_value" : "6.1.0"
|
||||
},
|
||||
{
|
||||
"version_value" : "6.1.1"
|
||||
},
|
||||
{
|
||||
"version_value" : "6.2.0"
|
||||
},
|
||||
{
|
||||
"version_value" : "7.0.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "IBM"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-Site Scripting"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"DATE_PUBLIC": "2017-06-26T00:00:00",
|
||||
"ID": "CVE-2017-1106",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cram Social Program Management",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "6.0.4"
|
||||
},
|
||||
{
|
||||
"version_value": "6.0.5"
|
||||
},
|
||||
{
|
||||
"version_value": "6.0"
|
||||
},
|
||||
{
|
||||
"version_value": "5.2"
|
||||
},
|
||||
{
|
||||
"version_value": "6.1.0"
|
||||
},
|
||||
{
|
||||
"version_value": "6.1.1"
|
||||
},
|
||||
{
|
||||
"version_value": "6.2.0"
|
||||
},
|
||||
{
|
||||
"version_value": "7.0.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "IBM"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004580",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004580"
|
||||
},
|
||||
{
|
||||
"name" : "99306",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/99306"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Scripting"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "99306",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/99306"
|
||||
},
|
||||
{
|
||||
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004580",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004580"
|
||||
},
|
||||
{
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744",
|
||||
"refsource": "MISC",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "security@google.com",
|
||||
"ID" : "CVE-2017-5132",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Google Chrome prior to 62.0.3202.62",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "Google Chrome prior to 62.0.3202.62"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Inappropriate implementation"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@google.com",
|
||||
"ID": "CVE-2017-5132",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Google Chrome prior to 62.0.3202.62",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Google Chrome prior to 62.0.3202.62"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://crbug.com/718858",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://crbug.com/718858"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-4020",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "https://www.debian.org/security/2017/dsa-4020"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-201710-24",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "https://security.gentoo.org/glsa/201710-24"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2017:2997",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2017:2997"
|
||||
},
|
||||
{
|
||||
"name" : "101482",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/101482"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Inappropriate implementation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "101482",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/101482"
|
||||
},
|
||||
{
|
||||
"name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html",
|
||||
"refsource": "MISC",
|
||||
"url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"
|
||||
},
|
||||
{
|
||||
"name": "DSA-4020",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "https://www.debian.org/security/2017/dsa-4020"
|
||||
},
|
||||
{
|
||||
"name": "https://crbug.com/718858",
|
||||
"refsource": "MISC",
|
||||
"url": "https://crbug.com/718858"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2017:2997",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2017:2997"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201710-24",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201710-24"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-5474",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-5474",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd"
|
||||
},
|
||||
{
|
||||
"name" : "95652",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/95652"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd"
|
||||
},
|
||||
{
|
||||
"name": "95652",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/95652"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-5543",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-5543",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/intelliants/subrion/issues/297",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/intelliants/subrion/issues/297"
|
||||
},
|
||||
{
|
||||
"name" : "95688",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/95688"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/intelliants/subrion/issues/297",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/intelliants/subrion/issues/297"
|
||||
},
|
||||
{
|
||||
"name": "95688",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/95688"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-5672",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-5672",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/142012/Kony-EMM-4.2.0-Private-Key-Disclosure.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/142012/Kony-EMM-4.2.0-Private-Key-Disclosure.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/142012/Kony-EMM-4.2.0-Private-Key-Disclosure.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/142012/Kony-EMM-4.2.0-Private-Key-Disclosure.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user