admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:03:54 +00:00
parent 98c016d997
commit 971edc1c4b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4345 additions and 4345 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

240
2006/0xxx/CVE-2006-0481.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-0481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455"
},
{
"name" : "ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt"
},
{
"name" : "GLSA-200812-15",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200812-15.xml"
},
{
"name" : "RHSA-2006:0205",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0205.html"
},
{
"name" : "16626",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16626"
},
{
"name" : "oval:org.mitre.oval:def:10780",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10780"
},
{
"name" : "ADV-2006-0393",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0393"
},
{
"name" : "1015615",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015615"
},
{
"name" : "1015617",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015617"
},
{
"name" : "18654",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18654"
},
{
"name" : "18863",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18863"
},
{
"name" : "33137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33137"
},
{
"name" : "libpng-pngsetstripalpha-bo(24396)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2006:0205",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0205.html"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455"
},
{
"name": "libpng-pngsetstripalpha-bo(24396)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24396"
},
{
"name": "1015617",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015617"
},
{
"name": "oval:org.mitre.oval:def:10780",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10780"
},
{
"name": "ADV-2006-0393",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0393"
},
{
"name": "18654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18654"
},
{
"name": "GLSA-200812-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-15.xml"
},
{
"name": "1015615",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015615"
},
{
"name": "33137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33137"
},
{
"name": "ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt",
"refsource": "CONFIRM",
"url": "ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt"
},
{
"name": "18863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18863"
},
{
"name": "16626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16626"
}
]
}
}

160
2006/0xxx/CVE-2006-0682.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://e107.org/comment.php?comment.news.776",
"refsource" : "CONFIRM",
"url" : "http://e107.org/comment.php?comment.news.776"
},
{
"name" : "16614",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16614"
},
{
"name" : "ADV-2006-0540",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0540"
},
{
"name" : "18816",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18816"
},
{
"name" : "e107-bbcode-xss(24625)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16614"
},
{
"name": "http://e107.org/comment.php?comment.news.776",
"refsource": "CONFIRM",
"url": "http://e107.org/comment.php?comment.news.776"
},
{
"name": "ADV-2006-0540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0540"
},
{
"name": "18816",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18816"
},
{
"name": "e107-bbcode-xss(24625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24625"
}
]
}
}

170
2006/3xxx/CVE-2006-3092.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060610 PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437025/100/0/threaded"
},
{
"name" : "http://www.acid-root.new.fr/advisories/phpmyfactures.txt",
"refsource" : "MISC",
"url" : "http://www.acid-root.new.fr/advisories/phpmyfactures.txt"
},
{
"name" : "26477",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26477"
},
{
"name" : "20642",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20642"
},
{
"name" : "1111",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1111"
},
{
"name" : "phpmyfactures-multiple-data-manipulation(27206)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27206"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26477",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26477"
},
{
"name": "phpmyfactures-multiple-data-manipulation(27206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27206"
},
{
"name": "20060610 PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437025/100/0/threaded"
},
{
"name": "20642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20642"
},
{
"name": "http://www.acid-root.new.fr/advisories/phpmyfactures.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/phpmyfactures.txt"
},
{
"name": "1111",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1111"
}
]
}
}

170
2006/3xxx/CVE-2006-3165.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/free-realty-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/free-realty-vuln.html"
},
{
"name" : "18531",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18531"
},
{
"name" : "ADV-2006-2432",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2432"
},
{
"name" : "26667",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26667"
},
{
"name" : "20705",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20705"
},
{
"name" : "freerealty-propview-sql-injection(27252)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27252"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2432"
},
{
"name": "http://pridels0.blogspot.com/2006/06/free-realty-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/free-realty-vuln.html"
},
{
"name": "20705",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20705"
},
{
"name": "26667",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26667"
},
{
"name": "18531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18531"
},
{
"name": "freerealty-propview-sql-injection(27252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27252"
}
]
}
}

200
2006/3xxx/CVE-2006-3861.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060814 Informix - Discovery, Attack and Defense",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
},
{
"name" : "20060814 Unauthorized Database Creation Privilege on Informix",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443192/100/0/threaded"
},
{
"name" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
"refsource" : "MISC",
"url" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
},
{
"name" : "19264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19264"
},
{
"name" : "ADV-2006-3077",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3077"
},
{
"name" : "27692",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27692"
},
{
"name" : "21301",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21301"
},
{
"name" : "informix-database-insecure-permission(28148)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28148"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060814 Unauthorized Database Creation Privilege on Informix",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443192/100/0/threaded"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
},
{
"name": "20060814 Informix - Discovery, Attack and Defense",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
},
{
"name": "27692",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27692"
},
{
"name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
"refsource": "MISC",
"url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
},
{
"name": "informix-database-insecure-permission(28148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28148"
},
{
"name": "21301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21301"
},
{
"name": "19264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19264"
},
{
"name": "ADV-2006-3077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3077"
}
]
}
}

210
2006/4xxx/CVE-2006-4154.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061013 Apache HTTP Server mod_tcl set_var Format String Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421"
},
{
"name" : "GLSA-200610-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200610-12.xml"
},
{
"name" : "VU#366020",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/366020"
},
{
"name" : "20527",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20527"
},
{
"name" : "ADV-2006-4033",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4033"
},
{
"name" : "29536",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29536"
},
{
"name" : "1017062",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017062"
},
{
"name" : "22458",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22458"
},
{
"name" : "22549",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22549"
},
{
"name" : "modtcl-setvar-format-string(29550)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29550"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20527",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20527"
},
{
"name": "1017062",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017062"
},
{
"name": "22549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22549"
},
{
"name": "29536",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29536"
},
{
"name": "20061013 Apache HTTP Server mod_tcl set_var Format String Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421"
},
{
"name": "ADV-2006-4033",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4033"
},
{
"name": "GLSA-200610-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200610-12.xml"
},
{
"name": "22458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22458"
},
{
"name": "modtcl-setvar-format-string(29550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29550"
},
{
"name": "VU#366020",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/366020"
}
]
}
}

170
2006/4xxx/CVE-2006-4361.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4361",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060821 Diesel Job Site forgot.php Cross-Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443926/100/0/threaded"
},
{
"name" : "ADV-2006-3345",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3345"
},
{
"name" : "28073",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28073"
},
{
"name" : "21589",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21589"
},
{
"name" : "1453",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1453"
},
{
"name" : "jobsite-forgot-xss(28494)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28494"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1453",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1453"
},
{
"name": "jobsite-forgot-xss(28494)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28494"
},
{
"name": "20060821 Diesel Job Site forgot.php Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443926/100/0/threaded"
},
{
"name": "28073",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28073"
},
{
"name": "21589",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21589"
},
{
"name": "ADV-2006-3345",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3345"
}
]
}
}

370
2006/4xxx/CVE-2006-4812.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061009 Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448014/100/0/threaded"
},
{
"name" : "http://www.hardened-php.net/files/CVE-2006-4812.patch",
"refsource" : "CONFIRM",
"url" : "http://www.hardened-php.net/files/CVE-2006-4812.patch"
},
{
"name" : "http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162",
"refsource" : "CONFIRM",
"url" : "http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162"
},
{
"name" : "http://www.hardened-php.net/advisory_092006.133.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_092006.133.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm"
},
{
"name" : "GLSA-200610-14",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml"
},
{
"name" : "OpenPKG-SA-2006.023",
"refsource" : "OPENPKG",
"url" : "http://www.securityfocus.com/archive/1/448953/100/0/threaded"
},
{
"name" : "RHSA-2006:0708",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0708.html"
},
{
"name" : "RHSA-2006:0688",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0688.html"
},
{
"name" : "SUSE-SA:2006:059",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html"
},
{
"name" : "2006-0055",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0055"
},
{
"name" : "USN-362-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-362-1"
},
{
"name" : "20349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20349"
},
{
"name" : "ADV-2006-3922",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3922"
},
{
"name" : "1016984",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016984"
},
{
"name" : "22280",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22280"
},
{
"name" : "22281",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22281"
},
{
"name" : "22338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22338"
},
{
"name" : "22533",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22533"
},
{
"name" : "22650",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22650"
},
{
"name" : "22538",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22538"
},
{
"name" : "22331",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22331"
},
{
"name" : "22300",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22300"
},
{
"name" : "1691",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1691"
},
{
"name" : "php-ecalloc-integer-overflow(29362)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29362"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22300",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22300"
},
{
"name": "22650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22650"
},
{
"name": "1016984",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016984"
},
{
"name": "22281",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22281"
},
{
"name": "22338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22338"
},
{
"name": "20349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20349"
},
{
"name": "OpenPKG-SA-2006.023",
"refsource": "OPENPKG",
"url": "http://www.securityfocus.com/archive/1/448953/100/0/threaded"
},
{
"name": "GLSA-200610-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml"
},
{
"name": "2006-0055",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0055"
},
{
"name": "RHSA-2006:0688",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0688.html"
},
{
"name": "USN-362-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-362-1"
},
{
"name": "RHSA-2006:0708",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0708.html"
},
{
"name": "22538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22538"
},
{
"name": "1691",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1691"
},
{
"name": "http://www.hardened-php.net/advisory_092006.133.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_092006.133.html"
},
{
"name": "22533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22533"
},
{
"name": "http://www.hardened-php.net/files/CVE-2006-4812.patch",
"refsource": "CONFIRM",
"url": "http://www.hardened-php.net/files/CVE-2006-4812.patch"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm"
},
{
"name": "php-ecalloc-integer-overflow(29362)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29362"
},
{
"name": "http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162"
},
{
"name": "SUSE-SA:2006:059",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html"
},
{
"name": "20061009 Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448014/100/0/threaded"
},
{
"name": "22331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22331"
},
{
"name": "ADV-2006-3922",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3922"
},
{
"name": "22280",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22280"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm"
}
]
}
}

190
2006/6xxx/CVE-2006-6475.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode with SSL enabled, allows remote attackers to cause a denial of service (refused connections) via malformed requests, which results in a mishandled exception."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061218 SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454712/100/0/threaded"
},
{
"name" : "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt",
"refsource" : "MISC",
"url" : "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt"
},
{
"name" : "http://www.mandiant.com/firstresponse.htm",
"refsource" : "CONFIRM",
"url" : "http://www.mandiant.com/firstresponse.htm"
},
{
"name" : "21548",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21548"
},
{
"name" : "ADV-2006-5061",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5061"
},
{
"name" : "1017394",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017394"
},
{
"name" : "23393",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23393"
},
{
"name" : "2052",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2052"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode with SSL enabled, allows remote attackers to cause a denial of service (refused connections) via malformed requests, which results in a mishandled exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mandiant.com/firstresponse.htm",
"refsource": "CONFIRM",
"url": "http://www.mandiant.com/firstresponse.htm"
},
{
"name": "20061218 SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454712/100/0/threaded"
},
{
"name": "23393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23393"
},
{
"name": "ADV-2006-5061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5061"
},
{
"name": "21548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21548"
},
{
"name": "2052",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2052"
},
{
"name": "1017394",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017394"
},
{
"name": "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt",
"refsource": "MISC",
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt"
}
]
}
}

120
2006/7xxx/CVE-2006-7091.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20486",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20486"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20486"
}
]
}
}

140
2010/2xxx/CVE-2010-2104.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100519 Secunia Research: Orbit Downloader metalink \"name\" Directory Traversal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511348/100/100/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2010-73/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-73/"
},
{
"name" : "39527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39527"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2010-73/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-73/"
},
{
"name": "39527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39527"
},
{
"name": "20100519 Secunia Research: Orbit Downloader metalink \"name\" Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511348/100/100/threaded"
}
]
}
}

180
2010/2xxx/CVE-2010-2206.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100630 Secunia Research: Adobe Reader GIF Image Parsing Array-Indexing Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512092/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2010-88/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-88/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name" : "41241",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41241"
},
{
"name" : "oval:org.mitre.oval:def:7200",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7200"
},
{
"name" : "1024159",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024159"
},
{
"name" : "ADV-2010-1636",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1636"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "20100630 Secunia Research: Adobe Reader GIF Image Parsing Array-Indexing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512092/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2010-88/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-88/"
},
{
"name": "oval:org.mitre.oval:def:7200",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7200"
},
{
"name": "1024159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024159"
},
{
"name": "41241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41241"
}
]
}
}

120
2010/2xxx/CVE-2010-2376.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-2376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}

180
2010/2xxx/CVE-2010-2432.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2432",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cups.org/articles.php?L596",
"refsource" : "CONFIRM",
"url" : "http://cups.org/articles.php?L596"
},
{
"name" : "http://cups.org/str.php?L3518",
"refsource" : "CONFIRM",
"url" : "http://cups.org/str.php?L3518"
},
{
"name" : "DSA-2176",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2176"
},
{
"name" : "GLSA-201207-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201207-10.xml"
},
{
"name" : "MDVSA-2011:146",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"name" : "43521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43521"
},
{
"name" : "ADV-2011-0535",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0535"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cups.org/str.php?L3518",
"refsource": "CONFIRM",
"url": "http://cups.org/str.php?L3518"
},
{
"name": "http://cups.org/articles.php?L596",
"refsource": "CONFIRM",
"url": "http://cups.org/articles.php?L596"
},
{
"name": "DSA-2176",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2176"
},
{
"name": "GLSA-201207-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201207-10.xml"
},
{
"name": "MDVSA-2011:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"name": "ADV-2011-0535",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0535"
},
{
"name": "43521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43521"
}
]
}
}

150
2010/2xxx/CVE-2010-2517.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PM07157",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157"
},
{
"name" : "41205",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41205"
},
{
"name" : "40341",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40341"
},
{
"name" : "ADV-2010-1615",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1615"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40341",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40341"
},
{
"name": "ADV-2010-1615",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1615"
},
{
"name": "41205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41205"
},
{
"name": "PM07157",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157"
}
]
}
}

160
2010/3xxx/CVE-2010-3153.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100825 Adobe InDesign CS4 DLL Hijacking Exploit (ibfs32.dll)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513340/100/0/threaded"
},
{
"name" : "14775",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14775/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-24.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-24.html"
},
{
"name" : "1024612",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024612"
},
{
"name" : "41126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-24.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-24.html"
},
{
"name": "41126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41126"
},
{
"name": "1024612",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024612"
},
{
"name": "20100825 Adobe InDesign CS4 DLL Hijacking Exploit (ibfs32.dll)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513340/100/0/threaded"
},
{
"name": "14775",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14775/"
}
]
}
}

160
2010/3xxx/CVE-2010-3227.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3227",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka \"Windows MFC Document Title Updating Buffer Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13921",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13921/"
},
{
"name" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-(1)",
"refsource" : "MISC",
"url" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-(1)"
},
{
"name" : "MS10-074",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-074"
},
{
"name" : "oval:org.mitre.oval:def:6696",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6696"
},
{
"name" : "1024557",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024557"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka \"Windows MFC Document Title Updating Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024557",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024557"
},
{
"name": "oval:org.mitre.oval:def:6696",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6696"
},
{
"name": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-(1)",
"refsource": "MISC",
"url": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100705-(1)"
},
{
"name": "13921",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13921/"
},
{
"name": "MS10-074",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-074"
}
]
}
}

230
2011/0xxx/CVE-2011-0015.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)",
"refsource" : "MLIST",
"url" : "http://archives.seul.org/or/announce/Jan-2011/msg00000.html"
},
{
"name" : "[oss-security] 20110118 Re: CVE request: tor",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/01/18/7"
},
{
"name" : "http://blog.torproject.org/blog/tor-02129-released-security-patches",
"refsource" : "CONFIRM",
"url" : "http://blog.torproject.org/blog/tor-02129-released-security-patches"
},
{
"name" : "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog"
},
{
"name" : "https://trac.torproject.org/projects/tor/ticket/2324",
"refsource" : "CONFIRM",
"url" : "https://trac.torproject.org/projects/tor/ticket/2324"
},
{
"name" : "DSA-2148",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2148"
},
{
"name" : "45832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45832"
},
{
"name" : "1024980",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024980"
},
{
"name" : "42907",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42907"
},
{
"name" : "42905",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42905"
},
{
"name" : "ADV-2011-0131",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0131"
},
{
"name" : "ADV-2011-0132",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0132"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)",
"refsource": "MLIST",
"url": "http://archives.seul.org/or/announce/Jan-2011/msg00000.html"
},
{
"name": "ADV-2011-0131",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0131"
},
{
"name": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog",
"refsource": "CONFIRM",
"url": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog"
},
{
"name": "https://trac.torproject.org/projects/tor/ticket/2324",
"refsource": "CONFIRM",
"url": "https://trac.torproject.org/projects/tor/ticket/2324"
},
{
"name": "42907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42907"
},
{
"name": "http://blog.torproject.org/blog/tor-02129-released-security-patches",
"refsource": "CONFIRM",
"url": "http://blog.torproject.org/blog/tor-02129-released-security-patches"
},
{
"name": "1024980",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024980"
},
{
"name": "ADV-2011-0132",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0132"
},
{
"name": "DSA-2148",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2148"
},
{
"name": "42905",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42905"
},
{
"name": "[oss-security] 20110118 Re: CVE request: tor",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/18/7"
},
{
"name": "45832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45832"
}
]
}
}

280
2011/0xxx/CVE-2011-0444.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676",
"refsource" : "MISC",
"url" : "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-01.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-02.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530"
},
{
"name" : "FEDORA-2011-0450",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053650.html"
},
{
"name" : "FEDORA-2011-0460",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053669.html"
},
{
"name" : "MDVSA-2011:007",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:007"
},
{
"name" : "RHSA-2011:0369",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0369.html"
},
{
"name" : "45775",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45775"
},
{
"name" : "70403",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70403"
},
{
"name" : "oval:org.mitre.oval:def:14283",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14283"
},
{
"name" : "43175",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43175"
},
{
"name" : "ADV-2011-0079",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0079"
},
{
"name" : "ADV-2011-0104",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0104"
},
{
"name" : "ADV-2011-0270",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0270"
},
{
"name" : "ADV-2011-0719",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0719"
},
{
"name" : "wireshark-maclte-bo(64624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43175"
},
{
"name": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676",
"refsource": "MISC",
"url": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2011-01.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-01.html"
},
{
"name": "MDVSA-2011:007",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:007"
},
{
"name": "ADV-2011-0270",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0270"
},
{
"name": "45775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45775"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2011-02.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-02.html"
},
{
"name": "wireshark-maclte-bo(64624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64624"
},
{
"name": "ADV-2011-0719",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0719"
},
{
"name": "FEDORA-2011-0450",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053650.html"
},
{
"name": "ADV-2011-0079",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0079"
},
{
"name": "FEDORA-2011-0460",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053669.html"
},
{
"name": "ADV-2011-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0104"
},
{
"name": "RHSA-2011:0369",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0369.html"
},
{
"name": "oval:org.mitre.oval:def:14283",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14283"
},
{
"name": "70403",
"refsource": "OSVDB",
"url": "http://osvdb.org/70403"
}
]
}
}

210
2011/0xxx/CVE-2011-0990.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0990",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource" : "MLIST",
"url" : "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name" : "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name" : "http://www.mono-project.com/Vulnerabilities",
"refsource" : "CONFIRM",
"url" : "http://www.mono-project.com/Vulnerabilities"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name" : "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c",
"refsource" : "CONFIRM",
"url" : "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"name" : "47208",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47208"
},
{
"name" : "44002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44002"
},
{
"name" : "44076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44076"
},
{
"name" : "ADV-2011-0904",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name" : "momo-arraycopy-security-bypass(66625)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"name": "momo-arraycopy-security-bypass(66625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
]
}
}

160
2011/1xxx/CVE-2011-1396.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1396",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21584666",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21584666"
},
{
"name" : "IV09190",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190"
},
{
"name" : "52333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52333"
},
{
"name" : "48299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48299"
},
{
"name" : "maximo-reporttype-xss(71999)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV09190",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
},
{
"name": "48299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48299"
},
{
"name": "maximo-reporttype-xss(71999)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999"
},
{
"name": "52333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52333"
}
]
}
}

150
2011/1xxx/CVE-2011-1437.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1437",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=73526",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=73526"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"name" : "oval:org.mitre.oval:def:14601",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14601"
},
{
"name" : "chrome-float-code-execution(67144)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67144"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=73526",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=73526"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"name": "oval:org.mitre.oval:def:14601",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14601"
},
{
"name": "chrome-float-code-execution(67144)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67144"
}
]
}
}

180
2011/1xxx/CVE-2011-1522.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the Doctrine\\DBAL\\Platforms\\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110325 CVE Request -- php-doctrine-Doctrine -- SQL injection flaw",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/25/2"
},
{
"name" : "[oss-security] 20110328 Re: CVE Request -- php-doctrine-Doctrine -- SQL injection flaw",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/28/3"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674"
},
{
"name" : "http://www.doctrine-project.org/blog/doctrine-security-fix",
"refsource" : "CONFIRM",
"url" : "http://www.doctrine-project.org/blog/doctrine-security-fix"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=689396",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=689396"
},
{
"name" : "DSA-2223",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2223"
},
{
"name" : "47034",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47034"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Doctrine\\DBAL\\Platforms\\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110328 Re: CVE Request -- php-doctrine-Doctrine -- SQL injection flaw",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/28/3"
},
{
"name": "47034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47034"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622674"
},
{
"name": "DSA-2223",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2223"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=689396",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689396"
},
{
"name": "[oss-security] 20110325 CVE Request -- php-doctrine-Doctrine -- SQL injection flaw",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/25/2"
},
{
"name": "http://www.doctrine-project.org/blog/doctrine-security-fix",
"refsource": "CONFIRM",
"url": "http://www.doctrine-project.org/blog/doctrine-security-fix"
}
]
}
}

160
2011/1xxx/CVE-2011-1668.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1668",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110401 AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517294/100/0/threaded"
},
{
"name" : "http://secpod.org/advisories/SECPOD_AWCM_XSS.txt",
"refsource" : "MISC",
"url" : "http://secpod.org/advisories/SECPOD_AWCM_XSS.txt"
},
{
"name" : "47126",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47126"
},
{
"name" : "8193",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8193"
},
{
"name" : "arwebcontentmanager-search-xss(66536)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66536"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secpod.org/advisories/SECPOD_AWCM_XSS.txt",
"refsource": "MISC",
"url": "http://secpod.org/advisories/SECPOD_AWCM_XSS.txt"
},
{
"name": "arwebcontentmanager-search-xss(66536)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66536"
},
{
"name": "47126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47126"
},
{
"name": "8193",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8193"
},
{
"name": "20110401 AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517294/100/0/threaded"
}
]
}
}

140
2011/5xxx/CVE-2011-5019.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120103 TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0018.html"
},
{
"name" : "51254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51254"
},
{
"name" : "textpattern-ddb-xss(72102)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72102"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51254"
},
{
"name": "20120103 TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0018.html"
},
{
"name": "textpattern-ddb-xss(72102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72102"
}
]
}
}

120
2011/5xxx/CVE-2011-5119.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://personalfirewall.comodo.com/release_notes.html",
"refsource" : "CONFIRM",
"url" : "http://personalfirewall.comodo.com/release_notes.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://personalfirewall.comodo.com/release_notes.html",
"refsource": "CONFIRM",
"url": "http://personalfirewall.comodo.com/release_notes.html"
}
]
}
}

34
2014/3xxx/CVE-2014-3098.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3098",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3098",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/3xxx/CVE-2014-3458.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3458",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3458",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2014/3xxx/CVE-2014-3580.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt",
"refsource" : "CONFIRM",
"url" : "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt"
},
{
"name" : "https://support.apple.com/HT204427",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204427"
},
{
"name" : "APPLE-SA-2015-03-09-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name" : "DSA-3107",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3107"
},
{
"name" : "RHSA-2015:0165",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0165.html"
},
{
"name" : "RHSA-2015:0166",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
},
{
"name" : "USN-2721-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2721-1"
},
{
"name" : "71726",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71726"
},
{
"name" : "61131",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61131"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3107",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3107"
},
{
"name": "RHSA-2015:0166",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
},
{
"name": "https://support.apple.com/HT204427",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204427"
},
{
"name": "71726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71726"
},
{
"name": "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt",
"refsource": "CONFIRM",
"url": "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt"
},
{
"name": "APPLE-SA-2015-03-09-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "RHSA-2015:0165",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0165.html"
},
{
"name": "61131",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61131"
},
{
"name": "USN-2721-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2721-1"
}
]
}
}

160
2014/3xxx/CVE-2014-3600.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150205 [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q1/427"
},
{
"name" : "http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt",
"refsource" : "CONFIRM",
"url" : "http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt"
},
{
"name" : "https://issues.apache.org/jira/browse/AMQ-5333",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/AMQ-5333"
},
{
"name" : "72510",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72510"
},
{
"name" : "apache-activemq-cve20143600-info-disc(100722)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100722"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150205 [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/427"
},
{
"name": "72510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72510"
},
{
"name": "apache-activemq-cve20143600-info-disc(100722)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100722"
},
{
"name": "http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt",
"refsource": "CONFIRM",
"url": "http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt"
},
{
"name": "https://issues.apache.org/jira/browse/AMQ-5333",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/AMQ-5333"
}
]
}
}

140
2014/6xxx/CVE-2014-6185.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695715",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695715"
},
{
"name" : "IT05713",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05713"
},
{
"name" : "ibm-tsm-cve20146185-dso(98521)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98521"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tsm-cve20146185-dso(98521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98521"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695715",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695715"
},
{
"name": "IT05713",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05713"
}
]
}
}

140
2014/7xxx/CVE-2014-7118.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Itography Item Hunt (aka com.itography.application) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#141793",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/141793"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Itography Item Hunt (aka com.itography.application) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#141793",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/141793"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7889.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-7889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBHF03279",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
},
{
"name" : "SSRT101695",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
},
{
"name" : "1031840",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031840"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101695",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
},
{
"name": "1031840",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031840"
},
{
"name": "HPSBHF03279",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
}
]
}
}

150
2014/8xxx/CVE-2014-8394.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8394",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150112 Corel Software DLL Hijacking",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534452/100/0/threaded"
},
{
"name" : "20150112 Corel Software DLL Hijacking",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/33"
},
{
"name" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking"
},
{
"name" : "72004",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150112 Corel Software DLL Hijacking",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534452/100/0/threaded"
},
{
"name": "72004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72004"
},
{
"name": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking"
},
{
"name": "20150112 Corel Software DLL Hijacking",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/33"
}
]
}
}

150
2014/8xxx/CVE-2014-8420.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8420",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-385/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-385/"
},
{
"name" : "https://support.software.dell.com/product-notification/136814",
"refsource" : "CONFIRM",
"url" : "https://support.software.dell.com/product-notification/136814"
},
{
"name" : "71241",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71241"
},
{
"name" : "dell-sonicwall-cve20148420-code-exec(98911)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.software.dell.com/product-notification/136814",
"refsource": "CONFIRM",
"url": "https://support.software.dell.com/product-notification/136814"
},
{
"name": "dell-sonicwall-cve20148420-code-exec(98911)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98911"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-385/"
},
{
"name": "71241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71241"
}
]
}
}

120
2014/8xxx/CVE-2014-8425.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-387/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-387/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-387/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-387/"
}
]
}
}

120
2016/2xxx/CVE-2016-2473.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
}

160
2016/2xxx/CVE-2016-2528.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2016-08.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2016-08.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11984",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11984"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c090e929269a78bf7a4cb3dc0d34565f4351312",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c090e929269a78bf7a4cb3dc0d34565f4351312"
},
{
"name" : "GLSA-201604-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201604-05"
},
{
"name" : "1035118",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c090e929269a78bf7a4cb3dc0d34565f4351312",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c090e929269a78bf7a4cb3dc0d34565f4351312"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2016-08.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2016-08.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11984",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11984"
},
{
"name": "GLSA-201604-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-05"
},
{
"name": "1035118",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035118"
}
]
}
}

250
2016/2xxx/CVE-2016-2550.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-2550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160223 CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/23/2"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311517",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311517"
},
{
"name" : "https://github.com/torvalds/linux/commit/415e3d3e90ce9e18727e8843ae343eda5a58fad6",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/415e3d3e90ce9e18727e8843ae343eda5a58fad6"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "DSA-3503",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3503"
},
{
"name" : "USN-2946-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2946-1"
},
{
"name" : "USN-2946-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2946-2"
},
{
"name" : "USN-2947-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2947-1"
},
{
"name" : "USN-2947-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2947-2"
},
{
"name" : "USN-2947-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2947-3"
},
{
"name" : "USN-2948-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2948-1"
},
{
"name" : "USN-2948-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2948-2"
},
{
"name" : "USN-2949-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2949-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311517",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311517"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "USN-2949-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2949-1"
},
{
"name": "[oss-security] 20160223 CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/23/2"
},
{
"name": "DSA-3503",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3503"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6"
},
{
"name": "USN-2947-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2947-3"
},
{
"name": "USN-2947-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2947-2"
},
{
"name": "USN-2947-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2947-1"
},
{
"name": "USN-2946-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2946-2"
},
{
"name": "USN-2948-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2948-1"
},
{
"name": "USN-2946-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2946-1"
},
{
"name": "USN-2948-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2948-2"
},
{
"name": "https://github.com/torvalds/linux/commit/415e3d3e90ce9e18727e8843ae343eda5a58fad6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/415e3d3e90ce9e18727e8843ae343eda5a58fad6"
}
]
}
}

270
2016/2xxx/CVE-2016-2775.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2775",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.isc.org/article/AA-01393/74/CVE-2016-2775",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-01393/74/CVE-2016-2775"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107"
},
{
"name" : "https://kb.isc.org/article/AA-01438",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-01438"
},
{
"name" : "https://kb.isc.org/article/AA-01435",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-01435"
},
{
"name" : "https://kb.isc.org/article/AA-01436",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-01436"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20160722-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20160722-0002/"
},
{
"name" : "FEDORA-2016-007efacd1c",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7T2WJP5ELO4ZRSBXSETIZ3GAO6KOEFTA/"
},
{
"name" : "FEDORA-2016-53f0c65f40",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJ5STNEUHBNEPUHJT7CYEVSMATFYMIX7/"
},
{
"name" : "FEDORA-2016-2941b3264e",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZUCSMEOZIZ2R2SKA4FPLTOVZHJBAOWC/"
},
{
"name" : "FEDORA-2016-3fba74e7f5",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TT754KDUJTKOASJODJX7FKHCOQ6EC7UX/"
},
{
"name" : "GLSA-201610-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-07"
},
{
"name" : "RHBA-2017:0651",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHBA-2017:0651"
},
{
"name" : "RHBA-2017:1767",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHBA-2017:1767"
},
{
"name" : "RHSA-2017:2533",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2533"
},
{
"name" : "92037",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92037"
},
{
"name" : "1036360",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036360"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-53f0c65f40",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJ5STNEUHBNEPUHJT7CYEVSMATFYMIX7/"
},
{
"name": "https://kb.isc.org/article/AA-01438",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01438"
},
{
"name": "RHBA-2017:1767",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2017:1767"
},
{
"name": "FEDORA-2016-3fba74e7f5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TT754KDUJTKOASJODJX7FKHCOQ6EC7UX/"
},
{
"name": "92037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92037"
},
{
"name": "GLSA-201610-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-07"
},
{
"name": "https://kb.isc.org/article/AA-01435",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01435"
},
{
"name": "RHBA-2017:0651",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2017:0651"
},
{
"name": "FEDORA-2016-2941b3264e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZUCSMEOZIZ2R2SKA4FPLTOVZHJBAOWC/"
},
{
"name": "https://kb.isc.org/article/AA-01393/74/CVE-2016-2775",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01393/74/CVE-2016-2775"
},
{
"name": "1036360",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036360"
},
{
"name": "FEDORA-2016-007efacd1c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7T2WJP5ELO4ZRSBXSETIZ3GAO6KOEFTA/"
},
{
"name": "RHSA-2017:2533",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2533"
},
{
"name": "https://kb.isc.org/article/AA-01436",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01436"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160722-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160722-0002/"
}
]
}
}

170
2016/6xxx/CVE-2016-6259.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6259",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.citrix.com/article/CTX214954",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX214954"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-183.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-183.html"
},
{
"name" : "http://xenbits.xen.org/xsa/xsa183-4.6.patch",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/xsa183-4.6.patch"
},
{
"name" : "http://xenbits.xen.org/xsa/xsa183-unstable.patch",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/xsa183-unstable.patch"
},
{
"name" : "92130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92130"
},
{
"name" : "1036447",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036447"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92130"
},
{
"name": "http://support.citrix.com/article/CTX214954",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX214954"
},
{
"name": "1036447",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036447"
},
{
"name": "http://xenbits.xen.org/xsa/xsa183-unstable.patch",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/xsa183-unstable.patch"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-183.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-183.html"
},
{
"name": "http://xenbits.xen.org/xsa/xsa183-4.6.patch",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/xsa183-4.6.patch"
}
]
}
}

120
2017/1001xxx/CVE-2017-1001001.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"ID" : "CVE-2017-1001001",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PluXml",
"version" : {
"version_data" : [
{
"version_value" : "before 5.6"
}
]
}
}
]
},
"vendor_name" : "PluXml"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
"CVE_data_meta": {
"ASSIGNER": "josh@bress.net",
"ID": "CVE-2017-1001001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PluXml",
"version": {
"version_data": [
{
"version_value": "before 5.6"
}
]
}
}
]
},
"vendor_name": "PluXml"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/pluxml/PluXml/issues/253",
"refsource" : "CONFIRM",
"url" : "https://github.com/pluxml/PluXml/issues/253"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pluxml/PluXml/issues/253",
"refsource": "CONFIRM",
"url": "https://github.com/pluxml/PluXml/issues/253"
}
]
}
}

180
2017/18xxx/CVE-2017-18123.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18123",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180204 [SECURITY] [DLA 1269-1] dokuwiki security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html"
},
{
"name" : "[debian-lts-announce] 20180705 [SECURITY] [DLA 1413-1] dokuwiki security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html"
},
{
"name" : "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86",
"refsource" : "MISC",
"url" : "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86"
},
{
"name" : "https://github.com/splitbrain/dokuwiki/issues/2029",
"refsource" : "MISC",
"url" : "https://github.com/splitbrain/dokuwiki/issues/2029"
},
{
"name" : "https://github.com/splitbrain/dokuwiki/pull/2019",
"refsource" : "MISC",
"url" : "https://github.com/splitbrain/dokuwiki/pull/2019"
},
{
"name" : "https://hackerone.com/reports/238316",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/238316"
},
{
"name" : "https://vulnhive.com/2018/000004",
"refsource" : "MISC",
"url" : "https://vulnhive.com/2018/000004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/splitbrain/dokuwiki/pull/2019",
"refsource": "MISC",
"url": "https://github.com/splitbrain/dokuwiki/pull/2019"
},
{
"name": "https://vulnhive.com/2018/000004",
"refsource": "MISC",
"url": "https://vulnhive.com/2018/000004"
},
{
"name": "[debian-lts-announce] 20180204 [SECURITY] [DLA 1269-1] dokuwiki security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html"
},
{
"name": "[debian-lts-announce] 20180705 [SECURITY] [DLA 1413-1] dokuwiki security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html"
},
{
"name": "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86",
"refsource": "MISC",
"url": "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86"
},
{
"name": "https://hackerone.com/reports/238316",
"refsource": "MISC",
"url": "https://hackerone.com/reports/238316"
},
{
"name": "https://github.com/splitbrain/dokuwiki/issues/2029",
"refsource": "MISC",
"url": "https://github.com/splitbrain/dokuwiki/issues/2029"
}
]
}
}

132
2017/18xxx/CVE-2017-18137.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2017-18137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 835"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 835, while processing the IPv6 pdp address of the pdp context, a buffer overflow can occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in Data"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2017-18137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 835, while processing the IPv6 pdp address of the pdp context, a buffer overflow can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

34
2017/18xxx/CVE-2017-18167.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18167",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18167",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

152
2017/1xxx/CVE-2017-1150.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "11.1"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.1"
},
{
"version_value": "11.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21999515",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21999515"
},
{
"name" : "96597",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96597"
},
{
"name" : "1037946",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037946"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037946",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037946"
},
{
"name": "96597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96597"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21999515",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21999515"
}
]
}
}

142
2017/1xxx/CVE-2017-1458.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-31T00:00:00",
"ID" : "CVE-2017-1458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar Network Security",
"version" : {
"version_data" : [
{
"version_value" : "5.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-31T00:00:00",
"ID": "CVE-2017-1458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar Network Security",
"version": {
"version_data": [
{
"version_value": "5.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128377",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128377"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22007551",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22007551"
},
{
"name" : "100638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007551",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007551"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128377",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128377"
},
{
"name": "100638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100638"
}
]
}
}

154
2017/1xxx/CVE-2017-1665.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-01-03T00:00:00",
"ID" : "CVE-2017-1665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "2.5"
},
{
"version_value" : "2.6"
},
{
"version_value" : "2.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2017-1665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Key Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "2.5"
},
{
"version_value": "2.6"
},
{
"version_value": "2.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133559",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133559"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22012023",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012023"
},
{
"name" : "DSA-4262",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4262"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012023",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012023"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133559",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133559"
},
{
"name": "DSA-4262",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4262"
}
]
}
}

170
2017/5xxx/CVE-2017-5042.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5042",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "insufficient policy enforcement"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/671932",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/671932"
},
{
"name" : "DSA-3810",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3810"
},
{
"name" : "GLSA-201704-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201704-02"
},
{
"name" : "RHSA-2017:0499",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
},
{
"name" : "96767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201704-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-02"
},
{
"name": "https://crbug.com/671932",
"refsource": "CONFIRM",
"url": "https://crbug.com/671932"
},
{
"name": "DSA-3810",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3810"
},
{
"name": "96767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96767"
},
{
"name": "RHSA-2017:0499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
}
]
}
}

120
2017/5xxx/CVE-2017-5240.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@rapid7.com",
"ID" : "CVE-2017-5240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AppSpider Pro",
"version" : {
"version_data" : [
{
"version_value" : "All version prior to 6.14.060"
}
]
}
}
]
},
"vendor_name" : "Rapid7"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AppSpider Pro",
"version": {
"version_data": [
{
"version_value": "All version prior to 6.14.060"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://community.rapid7.com/docs/DOC-3631",
"refsource" : "CONFIRM",
"url" : "https://community.rapid7.com/docs/DOC-3631"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/docs/DOC-3631",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/docs/DOC-3631"
}
]
}
}

152
2017/5xxx/CVE-2017-5463.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "53"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Addressbar spoofing through reader view on Firefox for Android"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "53"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1338867",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1338867"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name" : "97940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97940"
},
{
"name" : "1038320",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038320"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Addressbar spoofing through reader view on Firefox for Android"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1338867",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1338867"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name": "97940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97940"
},
{
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
}
]
}
}

202
2017/5xxx/CVE-2017-5706.json
View File

@ -1,103 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2017-11-20T00:00:00",
"ID" : "CVE-2017-5706",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Server Platform Services",
"version" : {
"version_data" : [
{
"version_value" : "4.0"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2017-11-20T00:00:00",
"ID": "CVE-2017-5706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Server Platform Services",
"version": {
"version_data": [
{
"version_value": "4.0"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://twitter.com/PTsecurity_UK/status/938447926128291842",
"refsource" : "MISC",
"url" : "https://twitter.com/PTsecurity_UK/status/938447926128291842"
},
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20171120-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20171120-0001/"
},
{
"name" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0",
"refsource" : "CONFIRM",
"url" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03798en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03798en_us"
},
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
},
{
"name" : "101906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101906"
},
{
"name" : "1039955",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039955"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101906"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171120-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171120-0001/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03798en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03798en_us"
},
{
"name": "1039955",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039955"
},
{
"name": "https://twitter.com/PTsecurity_UK/status/938447926128291842",
"refsource": "MISC",
"url": "https://twitter.com/PTsecurity_UK/status/938447926128291842"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
},
{
"name": "https://www.asus.com/News/wzeltG5CjYaIwGJ0",
"refsource": "CONFIRM",
"url": "https://www.asus.com/News/wzeltG5CjYaIwGJ0"
}
]
}
}

34
2017/5xxx/CVE-2017-5745.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5745",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5745",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/5xxx/CVE-2017-5990.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5990",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the \"form\" HTTP GET parameter passed to the \"PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php\" and \"PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php\" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge \"stable release\" (aka R37RC1)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/phreebooks/PhreeBooksERP/commit/f2a32dede7cc7f9ff59fe983c5e4abe2966d837c",
"refsource" : "CONFIRM",
"url" : "https://github.com/phreebooks/PhreeBooksERP/commit/f2a32dede7cc7f9ff59fe983c5e4abe2966d837c"
},
{
"name" : "https://github.com/phreebooks/PhreeBooksERP/issues/230",
"refsource" : "CONFIRM",
"url" : "https://github.com/phreebooks/PhreeBooksERP/issues/230"
},
{
"name" : "96219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the \"form\" HTTP GET parameter passed to the \"PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php\" and \"PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php\" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge \"stable release\" (aka R37RC1)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/phreebooks/PhreeBooksERP/issues/230",
"refsource": "CONFIRM",
"url": "https://github.com/phreebooks/PhreeBooksERP/issues/230"
},
{
"name": "https://github.com/phreebooks/PhreeBooksERP/commit/f2a32dede7cc7f9ff59fe983c5e4abe2966d837c",
"refsource": "CONFIRM",
"url": "https://github.com/phreebooks/PhreeBooksERP/commit/f2a32dede7cc7f9ff59fe983c5e4abe2966d837c"
},
{
"name": "96219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96219"
}
]
}
}