admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #210 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2020-01-09 10:34:22 -05:00 committed by GitHub
commit 9baaa3c2fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3675 changed files with 82266 additions and 2832 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2004/2xxx/CVE-2004-2776.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2776",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/mikaku/Monitorix/issues/30",
"url": "https://github.com/mikaku/Monitorix/issues/30"
},
{
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2013/12/12/8",
"url": "http://openwall.com/lists/oss-security/2013/12/12/8"
},
{
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=109164242705572&w=2",
"url": "http://marc.info/?l=bugtraq&m=109164242705572&w=2"
}
]
}

48
2010/3xxx/CVE-2010-3782.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3782",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00001.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00001.html"
}
]
}

70
2011/3xxx/CVE-2011-3585.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3585",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "General Race Condition"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Samba",
"product": {
"product_data": [
{
"product_name": "Samba",
"version": {
"version_data": [
{
"version_value": "3.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.samba.org/show_bug.cgi?id=7179",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=7179"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=742907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=742907"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/09/27/1",
"url": "https://www.openwall.com/lists/oss-security/2011/09/27/1"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/09/30/5",
"url": "https://www.openwall.com/lists/oss-security/2011/09/30/5"
},
{
"refsource": "MISC",
"name": "https://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200",
"url": "https://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200"
}
]
}

58
2011/5xxx/CVE-2011-5018.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5018",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Koala Framework before 2011-11-21 has XSS via the request_uri parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.cloudscan.me/2011/12/cve-2011-5018-koala-framework-xss.html",
"refsource": "MISC",
"name": "http://www.cloudscan.me/2011/12/cve-2011-5018-koala-framework-xss.html"
},
{
"refsource": "MISC",
"name": "https://groups.google.com/forum/#!topic/koala-framework-dev/wgHDD7N7qhk",
"url": "https://groups.google.com/forum/#!topic/koala-framework-dev/wgHDD7N7qhk"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/koala-framework/koala-framework/commit/59f81ea6bd8ef96c04a706a3ca453cd656284faa",
"url": "https://github.com/koala-framework/koala-framework/commit/59f81ea6bd8ef96c04a706a3ca453cd656284faa"
}
]
}

48
2011/5xxx/CVE-2011-5247.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5247",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.securityfocus.com/archive/1/525003",
"refsource": "MISC",
"name": "https://www.securityfocus.com/archive/1/525003"
}
]
}

53
2011/5xxx/CVE-2011-5250.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5250",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Snare for Linux before 1.7.0 has CSRF in the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80613",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80613"
},
{
"url": "https://www.securityfocus.com/archive/1/525002",
"refsource": "MISC",
"name": "https://www.securityfocus.com/archive/1/525002"
}
]
}

48
2011/5xxx/CVE-2011-5266.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5266",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2011/May/163",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2011/May/163"
}
]
}

85
2012/4xxx/CVE-2012-4451.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4451",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,86 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\\PubSubHubbub, (3) Log\\Formatter\\Xml, (4) Tag\\Cloud\\Decorator, (5) Uri, (6) View\\Helper\\HeadStyle, (7) View\\Helper\\Navigation\\Sitemap, or (8) View\\Helper\\Placeholder\\Container\\AbstractStandalone, related to Escaper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zend Technologies",
"product": {
"product_data": [
{
"product_name": "Zend Framework",
"version": {
"version_data": [
{
"version_value": "2.0.x before 2.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10"
},
{
"refsource": "MISC",
"name": "https://bugs.gentoo.org/show_bug.cgi?id=436210",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=436210"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2012/q3/571",
"url": "http://seclists.org/oss-sec/2012/q3/571"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2012/q3/573",
"url": "http://seclists.org/oss-sec/2012/q3/573"
},
{
"refsource": "MISC",
"name": "http://framework.zend.com/security/advisory/ZF2012-03",
"url": "http://framework.zend.com/security/advisory/ZF2012-03"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=860738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860738"
},
{
"refsource": "MISC",
"name": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733",
"url": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55636",
"url": "http://www.securityfocus.com/bid/55636"
}
]
}

65
2012/5xxx/CVE-2012-5474.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5474",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "python-django-horizon",
"product": {
"product_data": [
{
"product_name": "python-django-horizon",
"version": {
"version_data": [
{
"version_value": "before 2012.1.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Dashboard /etc/openstack-dashboard/local_settings secret key exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5474",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-5474"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-5474",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-5474"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html"
}
]
}

60
2012/5xxx/CVE-2012-5476.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5476",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openstack-dashboard",
"product": {
"product_data": [
{
"product_name": "openstack-dashboard",
"version": {
"version_data": [
{
"version_value": "RHOS Essex Preview (2012.2)"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5476",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-5476"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5476",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5476"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-5476",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-5476"
}
]
}

110
2012/5xxx/CVE-2012-5645.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5645",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "freeciv",
"product": {
"product_data": [
{
"product_name": "freeciv",
"version": {
"version_data": [
{
"version_value": "before 2.3.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,88 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS (memory exhaustion or excessive CPU consumption) via malformed network packets"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5645",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-5645"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5645",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5645"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-5645",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-5645"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/12/18/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/18/5"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/31/2",
"url": "http://www.openwall.com/lists/oss-security/2012/12/31/2"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095381.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095381.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096391.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096391.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/22/4",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/4"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/30/11",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/11"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/30/8",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/8"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/41352",
"url": "http://www.securityfocus.com/bid/41352"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696306",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696306"
}
]
}

70
2012/5xxx/CVE-2012-5663.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5663",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "textproc/isearch package",
"product": {
"product_data": [
{
"product_name": "textproc/isearch package",
"version": {
"version_data": [
{
"version_value": "before 1.47.01nb1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5663",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-5663"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-5663",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-5663"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/12/21/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/21/2"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/21/3",
"url": "http://www.openwall.com/lists/oss-security/2012/12/21/3"
},
{
"refsource": "MISC",
"name": "http://gnats.netbsd.org/47360",
"url": "http://gnats.netbsd.org/47360"
}
]
}

48
2012/5xxx/CVE-2012-5693.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5693",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.htbridge.com/advisory/HTB23123",
"url": "https://www.htbridge.com/advisory/HTB23123"
}
]
}

53
2012/5xxx/CVE-2012-5878.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5878",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.htbridge.com/advisory/HTB23123",
"url": "https://www.htbridge.com/advisory/HTB23123"
},
{
"refsource": "MISC",
"name": "https://www.htbridge.com/advisory/HTB23127",
"url": "https://www.htbridge.com/advisory/HTB23127"
}
]
}

55
2013/0xxx/CVE-2013-0196.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0196",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenShift",
"product": {
"product_data": [
{
"product_name": "OpenShift Enterprise",
"version": {
"version_data": [
{
"version_value": "1.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery "
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-0196",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-0196"
}
]
}

55
2013/0xxx/CVE-2013-0264.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0264",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cumin",
"product": {
"product_data": [
{
"product_name": "cumin",
"version": {
"version_data": [
{
"version_value": "r5310"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "General Configuration Problem"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0264",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0264"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-0264",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-0264"
}
]
}

50
2013/0xxx/CVE-2013-0737.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-0737",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BoltWire",
"product": {
"product_data": [
{
"product_name": "BoltWire",
"version": {
"version_data": [
{
"version_value": "3.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698"
}
]
}

58
2013/1xxx/CVE-2013-1420.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1420",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.htbridge.com/advisory/HTB23141",
"url": "https://www.htbridge.com/advisory/HTB23141"
},
{
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0005.html",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0005.html"
},
{
"refsource": "MISC",
"name": "http://get-simple.info/changelog",
"url": "http://get-simple.info/changelog"
}
]
}

58
2013/1xxx/CVE-2013-1642.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1642",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +11,62 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/realtimeprojects/quixplorer",
"url": "https://github.com/realtimeprojects/quixplorer"
},
{
"refsource": "MISC",
"name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-030.txt",
"url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-030.txt"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89056",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89056"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}
}

90
2013/2xxx/CVE-2013-2016.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2016",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "qemu",
"product": {
"product_data": [
{
"product_name": "qemu (virtio-rng)",
"version": {
"version_data": [
{
"version_value": "v1.3.0 and later"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,68 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2016",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2016"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2016",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-2016"
},
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/29/5",
"url": "http://www.openwall.com/lists/oss-security/2013/04/29/5"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/29/6",
"url": "http://www.openwall.com/lists/oss-security/2013/04/29/6"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/59541",
"url": "http://www.securityfocus.com/bid/59541"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83850",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83850"
},
{
"refsource": "MISC",
"name": "https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d",
"url": "https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d"
}
]
}

55
2013/3xxx/CVE-2013-3246.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3246",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XnView",
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
]
}

55
2013/3xxx/CVE-2013-3247.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3247",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XnView",
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
]
}

70
2013/3xxx/CVE-2013-3619.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3619",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Supermicro",
"product": {
"product_data": [
{
"product_name": "IPMI",
"version": {
"version_data": [
{
"version_value": "before SMT_X9_317 and before SMT X8 312"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.citrix.com/article/CTX216642",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"refsource": "CONFIRM",
"name": "http://support.citrix.com/article/CTX216642",
"url": "http://support.citrix.com/article/CTX216642"
},
{
"url": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities",
"refsource": "MISC",
"name": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89044",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89044"
},
{
"refsource": "CONFIRM",
"name": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf",
"url": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
}
]
}

70
2013/3xxx/CVE-2013-3620.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3620",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Supermicro",
"product": {
"product_data": [
{
"product_name": "IPMI",
"version": {
"version_data": [
{
"version_value": "before 3.15 (SMT_X9_315) and before SMT X8 312"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.citrix.com/article/CTX216642",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"refsource": "CONFIRM",
"name": "http://support.citrix.com/article/CTX216642",
"url": "http://support.citrix.com/article/CTX216642"
},
{
"url": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities",
"refsource": "MISC",
"name": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89045",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89045"
},
{
"refsource": "CONFIRM",
"name": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf",
"url": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
}
]
}

14
2013/3xxx/CVE-2013-3621.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3621",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-3621",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3607. Reason: This candidate is a reservation duplicate of CVE-2013-3607. Notes: All CVE users should reference CVE-2013-3607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

60
2013/3xxx/CVE-2013-3931.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3931",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the \"Business Manager\" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jomres",
"product": {
"product_data": [
{
"product_name": "Jomres component for Joomla!",
"version": {
"version_data": [
{
"version_value": "before 7.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61634",
"url": "http://www.securityfocus.com/bid/61634"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86251",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86251"
},
{
"refsource": "MISC",
"name": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html",
"url": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html"
}
]
}

60
2013/3xxx/CVE-2013-3932.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3932",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the \"Business Manager\" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jomres",
"product": {
"product_data": [
{
"product_name": "Jomres component for Joomla!",
"version": {
"version_data": [
{
"version_value": "before 7.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61635",
"url": "http://www.securityfocus.com/bid/61635"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86252",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86252"
},
{
"refsource": "MISC",
"name": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html",
"url": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html"
}
]
}

65
2013/3xxx/CVE-2013-3935.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3935",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery "
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Opsview",
"product": {
"product_data": [
{
"product_name": "Opsview",
"version": {
"version_data": [
{
"version_value": "before 4.4.1"
}
]
}
},
{
"product_name": "Opsview Core",
"version": {
"version_data": [
{
"version_value": "before 20130522"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes",
"url": "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes"
},
{
"refsource": "MISC",
"name": "http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822",
"url": "http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822"
}
]
}

65
2013/3xxx/CVE-2013-3936.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3936",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Opsview",
"product": {
"product_data": [
{
"product_name": "Opsview",
"version": {
"version_data": [
{
"version_value": "before 4.4.1"
}
]
}
},
{
"product_name": "Opsview Core",
"version": {
"version_data": [
{
"version_value": "before 20130522"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes",
"url": "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes"
},
{
"refsource": "MISC",
"name": "http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822",
"url": "http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822"
}
]
}

55
2013/3xxx/CVE-2013-3937.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3937",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XnView",
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "SECUNIA",
"name": "52101",
"url": "http://secunia.com/advisories/52101"
},
{
"refsource": "CONFIRM",
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087"
}
]
}

55
2013/3xxx/CVE-2013-3939.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3939",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XnView",
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "SECUNIA",
"name": "52101",
"url": "http://secunia.com/advisories/52101"
},
{
"refsource": "CONFIRM",
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087"
}
]
}

55
2013/3xxx/CVE-2013-3941.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3941",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XnView",
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087"
},
{
"refsource": "MISC",
"name": "http://secunia.com/advisories/52101",
"url": "http://secunia.com/advisories/52101"
}
]
}

60
2013/3xxx/CVE-2013-3944.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3944",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IrfanView",
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/64385",
"url": "http://www.securityfocus.com/bid/64385"
},
{
"refsource": "CONFIRM",
"name": "https://www.irfanview.com/history_old.htm",
"url": "https://www.irfanview.com/history_old.htm"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804"
}
]
}

55
2013/3xxx/CVE-2013-3945.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3945",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IrfanView",
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805"
},
{
"refsource": "CONFIRM",
"name": "https://www.irfanview.com/history_old.htm",
"url": "https://www.irfanview.com/history_old.htm"
}
]
}

55
2013/3xxx/CVE-2013-3946.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3946",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IrfanView",
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806"
},
{
"refsource": "CONFIRM",
"name": "https://www.irfanview.com/history_old.htm",
"url": "https://www.irfanview.com/history_old.htm"
}
]
}

70
2013/4xxx/CVE-2013-4161.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4161",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gksu-polkit-0.0.3-6.fc18",
"product": {
"product_data": [
{
"product_name": "gksu-polkit-0.0.3-6.fc18",
"version": {
"version_data": [
{
"version_value": "0.0.3-6.fc18"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4161",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4161"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4161",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4161"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4161",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4161"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html"
}
]
}

120
2013/4xxx/CVE-2013-4357.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4357",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "eglibc",
"product": {
"product_data": [
{
"product_name": "eglibc",
"version": {
"version_data": [
{
"version_value": "before 2.14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,98 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4357",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4357"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4357",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4357"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/01/28/18",
"url": "http://www.openwall.com/lists/oss-security/2015/01/28/18"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/01/29/21",
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/21"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/02/24/3",
"url": "http://www.openwall.com/lists/oss-security/2015/02/24/3"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103"
},
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/17/4",
"url": "http://www.openwall.com/lists/oss-security/2013/09/17/4"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/17/8",
"url": "http://www.openwall.com/lists/oss-security/2013/09/17/8"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/67992",
"url": "http://www.securityfocus.com/bid/67992"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-1",
"url": "http://www.ubuntu.com/usn/USN-2306-1"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-2",
"url": "http://www.ubuntu.com/usn/USN-2306-2"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-3",
"url": "http://www.ubuntu.com/usn/USN-2306-3"
}
]
}

80
2013/4xxx/CVE-2013-4532.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4532",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "qemu",
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "1.1.2+dfsg to 2.1+dfsg"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4532",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4532"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4532",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4532"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2342-1",
"url": "http://www.ubuntu.com/usn/USN-2342-1"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589"
},
{
"refsource": "MISC",
"name": "https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2",
"url": "https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2"
}
]
}

118
2013/4xxx/CVE-2013-4752.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4752",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,98 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released",
"url": "http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86367",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86367"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61715",
"url": "http://www.securityfocus.com/bid/61715"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86365",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86365"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86366",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86366"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86368",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86368"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86369",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86369"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86370",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86370"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86371",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86371"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86372",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86372"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86373",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86373"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86374",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86374"
}
]
}

58
2013/5xxx/CVE-2013-5122.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5122",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/60897",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60897"
},
{
"url": "http://www.securitytracker.com/id/1029769",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1029769"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/cve/CVE-2013-5122",
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-5122"
}
]
}

48
2013/5xxx/CVE-2013-5571.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5571",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HMailServer 5.3.x and prior: Memory Corruption which could cause DOS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securiteam.com/securitynews/5QP3O0UAKA.html",
"refsource": "MISC",
"name": "http://www.securiteam.com/securitynews/5QP3O0UAKA.html"
}
]
}

48
2013/5xxx/CVE-2013-5637.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5637",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PQI AirCard has persistent XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://firmware.re/vulns/acsa-2013-007.php",
"url": "http://firmware.re/vulns/acsa-2013-007.php"
}
]
}

53
2013/5xxx/CVE-2013-5638.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5638",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Transcend WiFiSD 1.8 has persistent XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://firmware.re/usenixsec14/",
"refsource": "MISC",
"name": "http://firmware.re/usenixsec14/"
},
{
"refsource": "MISC",
"name": "http://firmware.re/vulns/acsa-2013-006.php",
"url": "http://firmware.re/vulns/acsa-2013-006.php"
}
]
}

58
2013/5xxx/CVE-2013-5656.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5656",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://realpentesting.blogspot.com.es/p/advisories.html",
"refsource": "MISC",
"name": "http://realpentesting.blogspot.com.es/p/advisories.html"
},
{
"url": "http://www.exploit-db.com/exploits/25130",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/25130"
},
{
"url": "http://seclists.org/fulldisclosure/2013/Sep/8",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Sep/8"
}
]
}

58
2013/5xxx/CVE-2013-5657.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5657",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://realpentesting.blogspot.com.es/p/advisories.html",
"refsource": "MISC",
"name": "http://realpentesting.blogspot.com.es/p/advisories.html"
},
{
"url": "http://seclists.org/fulldisclosure/2013/Sep/8",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Sep/8"
},
{
"refsource": "MISC",
"name": "https://www.securityfocus.com/bid/62112",
"url": "https://www.securityfocus.com/bid/62112"
}
]
}

58
2013/5xxx/CVE-2013-5658.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5658",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AultWare pwStore 2010.8.30.0 has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://realpentesting.blogspot.com.es/p/advisories.html",
"refsource": "MISC",
"name": "http://realpentesting.blogspot.com.es/p/advisories.html"
},
{
"url": "http://seclists.org/fulldisclosure/2013/Sep/8",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Sep/8"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/123049/PWStore-2010.8.30.0-Cross-Site-Scripting-Denial-Of-Service.html",
"url": "https://packetstormsecurity.com/files/123049/PWStore-2010.8.30.0-Cross-Site-Scripting-Denial-Of-Service.html"
}
]
}

68
2013/6xxx/CVE-2013-6242.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6242",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html"
},
{
"refsource": "MISC",
"name": "http://seclists.org/bugtraq/2013/Nov/127",
"url": "http://seclists.org/bugtraq/2013/Nov/127"
},
{
"refsource": "MISC",
"name": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
"url": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6"
},
{
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1029394",
"url": "http://www.securitytracker.com/id/1029394"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89250"
}
]
}

73
2013/7xxx/CVE-2013-7062.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7062",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,76 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://plone.org/security/20131210/zope-xss-in-OFS",
"url": "https://plone.org/security/20131210/zope-xss-in-OFS"
},
{
"refsource": "CONFIRM",
"name": "https://plone.org/security/20131210/zope-xss-in-browseridmanager",
"url": "https://plone.org/security/20131210/zope-xss-in-browseridmanager"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q4/467",
"url": "http://seclists.org/oss-sec/2013/q4/467"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q4/485",
"url": "http://seclists.org/oss-sec/2013/q4/485"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89623"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89627"
}
]
}

58
2013/7xxx/CVE-2013-7070.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7070",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/mikaku/Monitorix/issues/30",
"url": "https://github.com/mikaku/Monitorix/issues/30"
},
{
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2013/12/12/8",
"url": "http://openwall.com/lists/oss-security/2013/12/12/8"
},
{
"refsource": "MISC",
"name": "https://github.com/mikaku/Monitorix/commit/ff80441be7089f774448dfe4b49e6fced70e71cb",
"url": "https://github.com/mikaku/Monitorix/commit/ff80441be7089f774448dfe4b49e6fced70e71cb"
}
]
}

58
2013/7xxx/CVE-2013-7071.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7071",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/mikaku/Monitorix/issues/30",
"url": "https://github.com/mikaku/Monitorix/issues/30"
},
{
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2013/12/12/8",
"url": "http://openwall.com/lists/oss-security/2013/12/12/8"
},
{
"refsource": "MISC",
"name": "https://github.com/mikaku/Monitorix/commit/e86c11593238be6956a67a04d640c65810d50b59",
"url": "https://github.com/mikaku/Monitorix/commit/e86c11593238be6956a67a04d640c65810d50b59"
}
]
}

70
2013/7xxx/CVE-2013-7351.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@debian.org",
"ID": "CVE-2013-7351",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Shaarli",
"product": {
"product_data": [
{
"product_name": "Shaarli",
"version": {
"version_data": [
{
"version_value": "before 53da201749f8f362323ef278bf338f1d9f7a925a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a",
"url": "https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/sebsauvage/Shaarli/issues/134",
"url": "https://github.com/sebsauvage/Shaarli/issues/134"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2014/q2/1",
"url": "http://seclists.org/oss-sec/2014/q2/1"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2014/q2/4",
"url": "http://seclists.org/oss-sec/2014/q2/4"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92215",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92215"
}
]
}

97
2013/7xxx/CVE-2013-7485.json Normal file
View File

@ -0,0 +1,97 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-7485",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "OSVDB",
"name": "100385",
"url": "http://osvdb.org/100385"
},
{
"refsource": "SECTRACK",
"name": "1029394",
"url": "http://www.securitytracker.com/id/1029394"
},
{
"refsource": "XF",
"name": "openxchange-appsuite-url-xss(89251)",
"url": "http://xforce.iss.net/xforce/xfdb/89251"
},
{
"refsource": "SECUNIA",
"name": "55837",
"url": "http://secunia.com/advisories/55837"
},
{
"refsource": "XF",
"name": "openxchange-cve20136242-xss(89250)",
"url": "http://xforce.iss.net/xforce/xfdb/89250"
},
{
"refsource": "BUGTRAQ",
"name": "20131125 Open-Xchange Security Advisory 2013-11-25",
"url": "http://seclists.org/bugtraq/2013/Nov/127"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html"
},
{
"refsource": "CONFIRM",
"name": "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0",
"url": "https://forum.open-xchange.com/showthread.php?8090-Open-Xchange-releases-Security-Patch-2013-10-30-for-v7-2-2-and-v7-4-0"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions."
}
]
}
}

82
2013/7xxx/CVE-2013-7486.json Normal file
View File

@ -0,0 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-7486",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "SECTRACK",
"name": "1029394",
"url": "http://www.securitytracker.com/id/1029394"
},
{
"refsource": "XF",
"name": "openxchange-cve20136242-xss(89250)",
"url": "http://xforce.iss.net/xforce/xfdb/89250"
},
{
"refsource": "BUGTRAQ",
"name": "20131125 Open-Xchange Security Advisory 2013-11-25",
"url": "http://seclists.org/bugtraq/2013/Nov/127"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html"
},
{
"refsource": "CONFIRM",
"name": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6",
"url": "https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions."
}
]
}
}

55
2014/0xxx/CVE-2014-0011.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0011",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TigerVNC",
"product": {
"product_data": [
{
"product_name": "TigerVNC",
"version": {
"version_data": [
{
"version_value": "before 1.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050928"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1",
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.3.1"
}
]
}

80
2014/0xxx/CVE-2014-0048.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0048",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "docker.io",
"product": {
"product_data": [
{
"product_name": "docker.io",
"version": {
"version_data": [
{
"version_value": "before 1.6.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0048",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2014-0048"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0048",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0048"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0048",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0048"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0048",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0048"
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/23",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/03/24/23"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/03/24/18",
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/18"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/03/24/22",
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/22"
}
]
}

65
2014/0xxx/CVE-2014-0104.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0104",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "fence-agents",
"product": {
"product_data": [
{
"product_name": "fence-agents",
"version": {
"version_data": [
{
"version_value": "before 4.0.17"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "no verification of remote SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0104",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2014-0104"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0104",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0104"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0104",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0104"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0104",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0104"
}
]
}

55
2014/0xxx/CVE-2014-0161.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0161",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ovirt-engine-sdk-python",
"product": {
"product_data": [
{
"product_name": "ovirt-engine-sdk-python",
"version": {
"version_data": [
{
"version_value": "before 3.4.0.7 and 3.5.0.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "does not verify that the remote endpoint's hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0161",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0161"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0161",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0161"
}
]
}

55
2014/0xxx/CVE-2014-0169.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0169",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "JBoss EAP",
"version": {
"version_data": [
{
"version_value": "6"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0169",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0169"
}
]
}

55
2014/0xxx/CVE-2014-0183.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0183",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Katello",
"product": {
"product_data": [
{
"product_name": "Katello",
"version": {
"version_data": [
{
"version_value": "Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0183",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0183"
}
]
}

60
2014/0xxx/CVE-2014-0245.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0245",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "JBoss Portal",
"version": {
"version_data": [
{
"version_value": "6.2.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure via unsafe concurrency handling in interceptor"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-0245",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-0245"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1009",
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
]
}

62
2014/10xxx/CVE-2014-10398.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-10398",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt",
"url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value."
}
]
}
}

58
2014/1xxx/CVE-2014-1409.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1409",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2014/Apr/21",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2014/Apr/21"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92351",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92351"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/cve/CVE-2014-1409",
"url": "https://packetstormsecurity.com/files/cve/CVE-2014-1409"
}
]
}

53
2014/1xxx/CVE-2014-1454.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1454",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92341",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92341"
},
{
"refsource": "MISC",
"name": "https://www.securityfocus.com/archive/1/531750",
"url": "https://www.securityfocus.com/archive/1/531750"
}
]
}

48
2014/1xxx/CVE-2014-1598.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1598",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "centurystar 7.12 ActiveX Control has a Stack Buffer Overflow"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.ixiacom.com/strikes/exploits/scada/cve_2014_1598_CenturyStar_ActiveX_Control_SetMyAddress_bo.xml",
"url": "https://support.ixiacom.com/strikes/exploits/scada/cve_2014_1598_CenturyStar_ActiveX_Control_SetMyAddress_bo.xml"
}
]
}

14
2014/1xxx/CVE-2014-1850.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1850",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-1850",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3743. Reason: This candidate is a duplicate of CVE-2014-3743. Notes: All CVE users should reference CVE-2014-3743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"
}
]
}

68
2014/1xxx/CVE-2014-1860.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1860",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/65293",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/65293"
},
{
"url": "http://www.openwall.com/lists/oss-security/2014/02/03/14",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
},
{
"url": "http://www.openwall.com/lists/oss-security/2014/02/07/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/cve/CVE-2014-1860",
"url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
},
{
"refsource": "EXPLOIT-DB",
"name": "Exploit Database",
"url": "https://www.exploit-database.net/?id=21609"
}
]
}

58
2014/2xxx/CVE-2014-2072.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2072",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/125308/Catia-V5-6R2013-Stack-Buffer-Overflow.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/125308/Catia-V5-6R2013-Stack-Buffer-Overflow.html"
},
{
"url": "http://www.securityfocus.com/bid/65675",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/65675"
},
{
"refsource": "EXPLOIT-DB",
"name": "Exploit Database",
"url": "https://www.exploit-database.net/?id=60103"
}
]
}

53
2014/2xxx/CVE-2014-2650.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2650",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf",
"url": "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf"
},
{
"refsource": "MISC",
"name": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx",
"url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx"
}
]
}

53
2014/2xxx/CVE-2014-2651.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2651",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf",
"refsource": "MISC",
"name": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf"
},
{
"refsource": "MISC",
"name": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx",
"url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx"
}
]
}

48
2014/2xxx/CVE-2014-2686.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2686",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ansible prior to 1.5.4 mishandles the evaluation of some strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://groups.google.com/forum/#!searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ",
"refsource": "MISC",
"name": "https://groups.google.com/forum/#!searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ"
}
]
}

48
2014/3xxx/CVE-2014-3211.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3211",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Publify before 8.0.1 is vulnerable to a Denial of Service attack"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211",
"url": "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211"
}
]
}

53
2014/3xxx/CVE-2014-3447.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3447",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2014/May/86",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2014/May/86"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/126741/BSS-Continuity-CMS-4.2.22640.0-Denial-Of-Service.html",
"url": "https://packetstormsecurity.com/files/126741/BSS-Continuity-CMS-4.2.22640.0-Denial-Of-Service.html"
}
]
}

53
2014/3xxx/CVE-2014-3448.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3448",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/126740/BSS-Continuity-CMS-4.2.22640.0-Code-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/126740/BSS-Continuity-CMS-4.2.22640.0-Code-Execution.html"
},
{
"url": "http://seclists.org/fulldisclosure/2014/May/85",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2014/May/85"
}
]
}

53
2014/3xxx/CVE-2014-3449.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3449",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/126739/BSS-Continuity-CMS-4.2.22640.0-Authentication-Bypass.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/126739/BSS-Continuity-CMS-4.2.22640.0-Authentication-Bypass.html"
},
{
"url": "http://seclists.org/fulldisclosure/2014/May/84",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2014/May/84"
}
]
}

60
2014/3xxx/CVE-2014-3590.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3590",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat Satellite 6",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6",
"version": {
"version_data": [
{
"version_value": "6"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery "
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3590",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2014-3590"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3590",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3590"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-3590",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-3590"
}
]
}

63
2014/3xxx/CVE-2014-3743.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3743",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities",
"url": "https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/05/13/1",
"url": "http://www.openwall.com/lists/oss-security/2014/05/13/1"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/05/15/2",
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/2"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743"
}
]
}

48
2014/3xxx/CVE-2014-3753.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3753",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AgileBits 1Password through 1.0.9.340 allows security feature bypass"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18986",
"refsource": "MISC",
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18986"
}
]
}

48
2014/4xxx/CVE-2014-4196.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4196",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt",
"url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt"
}
]
}

48
2014/4xxx/CVE-2014-4553.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4553",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://codevigilant.com/disclosure/wp-plugin-spreadshirt-rss-3d-cube-flash-gallery-a3-cross-site-scripting-xss/",
"refsource": "MISC",
"name": "http://codevigilant.com/disclosure/wp-plugin-spreadshirt-rss-3d-cube-flash-gallery-a3-cross-site-scripting-xss/"
}
]
}

68
2014/5xxx/CVE-2014-5140.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5140",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/128183/Loaded-Commerce-7-Shopping-Cart-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/128183/Loaded-Commerce-7-Shopping-Cart-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "http://resources.infosecinstitute.com/exploiting-systemic-query-vulnerabilities-attempt-re-invent-pdo/",
"url": "http://resources.infosecinstitute.com/exploiting-systemic-query-vulnerabilities-attempt-re-invent-pdo/"
},
{
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/34552",
"url": "http://www.exploit-db.com/exploits/34552"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95791",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95791"
},
{
"refsource": "MISC",
"name": "https://github.com/loadedcommerce/loaded7/pull/520",
"url": "https://github.com/loadedcommerce/loaded7/pull/520"
}
]
}

65
2014/5xxx/CVE-2014-5209.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5209",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NTP",
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.7p25"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K44942017",
"url": "https://support.f5.com/csp/article/K44942017"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K44942017?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support&utm_medium=RSS"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
},
{
"url": "https://support.f5.com/csp/article/K44942017",
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K44942017"
}
]
}

58
2014/5xxx/CVE-2014-5287.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5287",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html"
},
{
"url": "https://www.exploit-db.com/exploits/36609/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/36609/"
},
{
"refsource": "CONFIRM",
"name": "https://www.fxc.jp/news/Product_Overview-LoadMaster_Release_Notes.pdf",
"url": "https://www.fxc.jp/news/Product_Overview-LoadMaster_Release_Notes.pdf"
}
]
}

58
2014/5xxx/CVE-2014-5516.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5516",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/128342/KonaKart-Storefront-Application-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/128342/KonaKart-Storefront-Application-Cross-Site-Request-Forgery.html"
},
{
"refsource": "MISC",
"name": "http://www.christian-schneider.net/advisories/CVE-2014-5516.txt",
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5516.txt"
},
{
"refsource": "MISC",
"name": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new",
"url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new"
}
]
}

55
2014/6xxx/CVE-2014-6275.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-6275",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "FusionForge",
"version": {
"version_data": [
{
"version_value": "before 5.3.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2014-6275",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2014-6275"
},
{
"url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html",
"refsource": "MISC",
"name": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html"
}
]
}

65
2014/8xxx/CVE-2014-8182.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8182",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openldap",
"product": {
"product_data": [
{
"product_name": "openldap",
"version": {
"version_data": [
{
"version_value": "2.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2014-8182",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2014-8182"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8182",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8182"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-8182",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-8182"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-8182",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-8182"
}
]
}

53
2014/8xxx/CVE-2014-8337.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8337",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/128979/HelpDEZk-1.0.1-Unrestricted-File-Upload.html",
"url": "http://packetstormsecurity.com/files/128979/HelpDEZk-1.0.1-Unrestricted-File-Upload.html"
},
{
"refsource": "MISC",
"name": "https://www.htbridge.com/advisory/HTB23239",
"url": "https://www.htbridge.com/advisory/HTB23239"
}
]
}

63
2014/8xxx/CVE-2014-8516.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8516",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-372/",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-372/"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/70895",
"url": "http://www.securityfocus.com/bid/70895"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98475",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98475"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/129023",
"url": "https://packetstormsecurity.com/files/129023"
}
]
}

63
2014/8xxx/CVE-2014-8673.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8673",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html"
},
{
"url": "http://www.securityfocus.com/bid/75726",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75726"
},
{
"url": "http://seclists.org/fulldisclosure/2015/Jul/44",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Jul/44"
},
{
"url": "https://www.exploit-db.com/exploits/37604/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/37604/"
}
]
}

63
2014/8xxx/CVE-2014-8674.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8674",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html"
},
{
"url": "http://www.securityfocus.com/bid/75726",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75726"
},
{
"url": "http://seclists.org/fulldisclosure/2015/Jul/44",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Jul/44"
},
{
"url": "https://www.exploit-db.com/exploits/37604/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/37604/"
}
]
}

63
2014/9xxx/CVE-2014-9405.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9405",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
},
{
"url": "http://www.securityfocus.com/bid/74936",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74936"
},
{
"url": "http://seclists.org/fulldisclosure/2015/Jun/1",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Jun/1"
},
{
"url": "http://www.securityfocus.com/archive/1/535660/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/535660/100/0/threaded"
}
]
}

74
2014/9xxx/CVE-2014-9908.json
View File

@ -1,8 +1,40 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9908",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "4.4.4"
},
{
"version_value": "5.0.2"
},
{
"version_value": "5.1.1"
},
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +43,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooh access (Android Bug ID A-28672558)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/94167",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94167"
},
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"refsource": "MISC",
"name": "https://vuldb.com/?id.93449",
"url": "https://vuldb.com/?id.93449"
},
{
"refsource": "MISC",
"name": "https://github.com/Genymobile/f2ut_platform_frameworks_base/commit/f24cec326f5f65c693544fb0b92c37f633bacda2",
"url": "https://github.com/Genymobile/f2ut_platform_frameworks_base/commit/f24cec326f5f65c693544fb0b92c37f633bacda2"
}
]
}

63
2015/4xxx/CVE-2015-4039.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4039",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/132011/WordPress-WP-Membership-1.2.3-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/132011/WordPress-WP-Membership-1.2.3-Cross-Site-Scripting.html"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/archive/1/535586/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/archive/1/535586/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/37074/",
"url": "https://www.exploit-db.com/exploits/37074/"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74766",
"url": "http://www.securityfocus.com/bid/74766"
}
]
}

58
2015/4xxx/CVE-2015-4553.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4553",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/75285",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75285"
},
{
"url": "http://seclists.org/fulldisclosure/2015/Jun/47",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Jun/47"
},
{
"url": "https://www.exploit-db.com/exploits/37423/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/37423/"
}
]
}

63
2015/5xxx/CVE-2015-5591.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5591",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html",
"url": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html"
},
{
"refsource": "MISC",
"name": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/",
"url": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"refsource": "MISC",
"name": "http://www.zenphoto.org/news/zenphoto-1.4.9",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2015/07/18/3",
"url": "https://www.openwall.com/lists/oss-security/2015/07/18/3"
}
]
}

63
2015/5xxx/CVE-2015-5592.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5592",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html",
"url": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html"
},
{
"refsource": "MISC",
"name": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/",
"url": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"refsource": "MISC",
"name": "http://www.zenphoto.org/news/zenphoto-1.4.9",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2015/07/18/3",
"url": "https://www.openwall.com/lists/oss-security/2015/07/18/3"
}
]
}

58
2015/5xxx/CVE-2015-5593.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5593",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in \"<<script></script>script>payload<script></script></script>\", or in an image tag, with the payload as the onerror event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/",
"url": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"refsource": "MISC",
"name": "http://www.zenphoto.org/news/zenphoto-1.4.9",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/07/18/3",
"url": "http://www.openwall.com/lists/oss-security/2015/07/18/3"
}
]
}

58
2015/5xxx/CVE-2015-5595.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5595",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/",
"url": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"refsource": "MISC",
"name": "http://www.zenphoto.org/news/zenphoto-1.4.9",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/07/18/3",
"url": "http://www.openwall.com/lists/oss-security/2015/07/18/3"
}
]
}

68
2015/5xxx/CVE-2015-5951.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5951",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html"
},
{
"url": "http://www.securityfocus.com/bid/76271",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76271"
},
{
"url": "http://seclists.org/fulldisclosure/2015/Aug/25",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Aug/25"
},
{
"url": "http://www.securityfocus.com/archive/1/536163/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/536163/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2015/Aug/32",
"url": "https://seclists.org/bugtraq/2015/Aug/32"
}
]
}

62
2015/9xxx/CVE-2015-9540.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-18-2015-05-02-Low-Moderate-risk-URL-hijackingspoofing",
"refsource": "MISC",
"name": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-18-2015-05-02-Low-Moderate-risk-URL-hijackingspoofing"
}
]
}
}

68
2016/1000xxx/CVE-2016-1000021.json
View File

@ -1,71 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-1000021",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue exists in node-cli 0.1.0 through 0.11.3 due to predictable temporary file names in lock_file and log_file, which allows an attacker to overwrite files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000021.json",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000021.json"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2016-1000021",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2016-1000021"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000021",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000021"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10538. Reason: This candidate is a duplicate of CVE-2016-10538. Notes: All CVE users should reference CVE-2016-10538 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

Some files were not shown because too many files have changed in this diff Show More